blacklist controller

Author: tatevikg1

src/Subscription/Controller/BlacklistController.php

@@ -0,0 +1,284 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpList\RestBundle\Subscription\Controller;
+
+use OpenApi\Attributes as OA;
+use PhpList\Core\Domain\Identity\Model\PrivilegeFlag;
+use PhpList\Core\Domain\Subscription\Service\Manager\SubscriberBlacklistManager;
+use PhpList\Core\Security\Authentication;
+use PhpList\RestBundle\Common\Controller\BaseController;
+use PhpList\RestBundle\Common\Validator\RequestValidator;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Attribute\Route;
+
+/**
+ * This controller provides REST API access to subscriber blacklist functionality.
+ */
+#[Route('/blacklist', name: 'blacklist_')]
+class BlacklistController extends BaseController
+{
+    private SubscriberBlacklistManager $blacklistManager;
+
+    public function __construct(
+        Authentication $authentication,
+        RequestValidator $validator,
+        SubscriberBlacklistManager $blacklistManager,
+    ) {
+        parent::__construct($authentication, $validator);
+        $this->authentication = $authentication;
+        $this->blacklistManager = $blacklistManager;
+    }
+
+    #[Route('/check/{email}', name: 'check', methods: ['GET'])]
+    #[OA\Get(
+        path: '/api/v2/blacklist/check/{email}',
+        description: 'Checks if an email address is blacklisted.',
+        summary: 'Check if email is blacklisted',
+        tags: ['blacklist'],
+        parameters: [
+            new OA\Parameter(
+                name: 'php-auth-pw',
+                description: 'Session key obtained from login',
+                in: 'header',
+                required: true,
+                schema: new OA\Schema(type: 'string')
+            ),
+            new OA\Parameter(
+                name: 'email',
+                description: 'Email address to check',
+                in: 'path',
+                required: true,
+                schema: new OA\Schema(type: 'string')
+            )
+        ],
+        responses: [
+            new OA\Response(
+                response: 200,
+                description: 'Success',
+                content: new OA\JsonContent(
+                    properties: [
+                        new OA\Property(property: 'blacklisted', type: 'boolean'),
+                        new OA\Property(property: 'reason', type: 'string', nullable: true)
+                    ]
+                ),
+            ),
+            new OA\Response(
+                response: 403,
+                description: 'Failure',
+                content: new OA\JsonContent(ref: '#/components/schemas/UnauthorizedResponse')
+            ),
+        ]
+    )]
+    public function checkEmailBlacklisted(Request $request, string $email): JsonResponse
+    {
+        $admin = $this->requireAuthentication($request);
+        if (!$admin->getPrivileges()->has(PrivilegeFlag::Subscribers)) {
+            throw $this->createAccessDeniedException('You are not allowed to check blacklisted emails.');
+        }
+
+        $isBlacklisted = $this->blacklistManager->isEmailBlacklisted($email);
+        $reason = $isBlacklisted ? $this->blacklistManager->getBlacklistReason($email) : null;
+
+        return $this->json([
+            'blacklisted' => $isBlacklisted,
+            'reason' => $reason,
+        ]);
+    }
+
+    #[Route('/add', name: 'add', methods: ['POST'])]
+    #[OA\Post(
+        path: '/api/v2/blacklist/add',
+        description: 'Adds an email address to the blacklist.',
+        summary: 'Add email to blacklist',
+        requestBody: new OA\RequestBody(
+            description: 'Email to blacklist',
+            required: true,
+            content: new OA\JsonContent(
+                properties: [
+                    new OA\Property(property: 'email', type: 'string'),
+                    new OA\Property(property: 'reason', type: 'string', nullable: true)
+                ]
+            )
+        ),
+        tags: ['blacklist'],
+        parameters: [
+            new OA\Parameter(
+                name: 'php-auth-pw',
+                description: 'Session key obtained from login',
+                in: 'header',
+                required: true,
+                schema: new OA\Schema(type: 'string')
+            )
+        ],
+        responses: [
+            new OA\Response(
+                response: 201,
+                description: 'Success',
+                content: new OA\JsonContent(
+                    properties: [
+                        new OA\Property(property: 'success', type: 'boolean'),
+                        new OA\Property(property: 'message', type: 'string')
+                    ]
+                ),
+            ),
+            new OA\Response(
+                response: 403,
+                description: 'Failure',
+                content: new OA\JsonContent(ref: '#/components/schemas/UnauthorizedResponse')
+            ),
+            new OA\Response(
+                response: 422,
+                description: 'Failure',
+                content: new OA\JsonContent(ref: '#/components/schemas/ValidationErrorResponse')
+            ),
+        ]
+    )]
+    public function addEmailToBlacklist(Request $request): JsonResponse
+    {
+        $admin = $this->requireAuthentication($request);
+        if (!$admin->getPrivileges()->has(PrivilegeFlag::Subscribers)) {
+            throw $this->createAccessDeniedException('You are not allowed to add emails to blacklist.');
+        }
+
+        $data = json_decode($request->getContent(), true);
+        if (!isset($data['email']) || empty($data['email'])) {
+            return $this->json(['error' => 'Email is required'], Response::HTTP_UNPROCESSABLE_ENTITY);
+        }
+
+        $email = $data['email'];
+        $reason = $data['reason'] ?? null;
+
+        $this->blacklistManager->addEmailToBlacklist($email, $reason);
+
+        return $this->json([
+            'success' => true,
+            'message' => sprintf('Email %s has been added to the blacklist', $email),
+        ], Response::HTTP_CREATED);
+    }
+
+    #[Route('/remove/{email}', name: 'remove', methods: ['DELETE'])]
+    #[OA\Delete(
+        path: '/api/v2/blacklist/remove/{email}',
+        description: 'Removes an email address from the blacklist.',
+        summary: 'Remove email from blacklist',
+        tags: ['blacklist'],
+        parameters: [
+            new OA\Parameter(
+                name: 'php-auth-pw',
+                description: 'Session key obtained from login',
+                in: 'header',
+                required: true,
+                schema: new OA\Schema(type: 'string')
+            ),
+            new OA\Parameter(
+                name: 'email',
+                description: 'Email address to remove from blacklist',
+                in: 'path',
+                required: true,
+                schema: new OA\Schema(type: 'string')
+            )
+        ],
+        responses: [
+            new OA\Response(
+                response: 200,
+                description: 'Success',
+                content: new OA\JsonContent(
+                    properties: [
+                        new OA\Property(property: 'success', type: 'boolean'),
+                        new OA\Property(property: 'message', type: 'string')
+                    ]
+                ),
+            ),
+            new OA\Response(
+                response: 403,
+                description: 'Failure',
+                content: new OA\JsonContent(ref: '#/components/schemas/UnauthorizedResponse')
+            ),
+        ]
+    )]
+    public function removeEmailFromBlacklist(Request $request, string $email): JsonResponse
+    {
+        $admin = $this->requireAuthentication($request);
+        if (!$admin->getPrivileges()->has(PrivilegeFlag::Subscribers)) {
+            throw $this->createAccessDeniedException('You are not allowed to remove emails from blacklist.');
+        }
+
+        $this->blacklistManager->removeEmailFromBlacklist($email);
+
+        return $this->json([
+            'success' => true,
+            'message' => sprintf('Email %s has been removed from the blacklist', $email),
+        ]);
+    }
+
+    #[Route('/info/{email}', name: 'info', methods: ['GET'])]
+    #[OA\Get(
+        path: '/api/v2/blacklist/info/{email}',
+        description: 'Gets detailed information about a blacklisted email.',
+        summary: 'Get blacklist information',
+        tags: ['blacklist'],
+        parameters: [
+            new OA\Parameter(
+                name: 'php-auth-pw',
+                description: 'Session key obtained from login',
+                in: 'header',
+                required: true,
+                schema: new OA\Schema(type: 'string')
+            ),
+            new OA\Parameter(
+                name: 'email',
+                description: 'Email address to get information for',
+                in: 'path',
+                required: true,
+                schema: new OA\Schema(type: 'string')
+            )
+        ],
+        responses: [
+            new OA\Response(
+                response: 200,
+                description: 'Success',
+                content: new OA\JsonContent(
+                    properties: [
+                        new OA\Property(property: 'email', type: 'string'),
+                        new OA\Property(property: 'added', type: 'string', format: 'date-time', nullable: true),
+                        new OA\Property(property: 'reason', type: 'string', nullable: true)
+                    ]
+                ),
+            ),
+            new OA\Response(
+                response: 403,
+                description: 'Failure',
+                content: new OA\JsonContent(ref: '#/components/schemas/UnauthorizedResponse')
+            ),
+            new OA\Response(
+                response: 404,
+                description: 'Failure',
+                content: new OA\JsonContent(ref: '#/components/schemas/NotFoundResponse')
+            ),
+        ]
+    )]
+    public function getBlacklistInfo(Request $request, string $email): JsonResponse
+    {
+        $admin = $this->requireAuthentication($request);
+        if (!$admin->getPrivileges()->has(PrivilegeFlag::Subscribers)) {
+            throw $this->createAccessDeniedException('You are not allowed to view blacklist information.');
+        }
+
+        $blacklistInfo = $this->blacklistManager->getBlacklistInfo($email);
+        if (!$blacklistInfo) {
+            return $this->json(['error' => sprintf('Email %s is not blacklisted', $email)], Response::HTTP_NOT_FOUND);
+        }
+
+        $reason = $this->blacklistManager->getBlacklistReason($email);
+
+        return $this->json([
+            'email' => $blacklistInfo->getEmail(),
+            'added' => $blacklistInfo->getAdded() ? $blacklistInfo->getAdded()->format('c') : null,
+            'reason' => $reason,
+        ]);
+    }
+}

tests/Integration/Subscription/Controller/BlacklistControllerTest.php

@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpList\RestBundle\Tests\Integration\Subscription\Controller;
+
+use PhpList\RestBundle\Subscription\Controller\BlacklistController;
+use PhpList\RestBundle\Tests\Integration\Common\AbstractTestController;
+use Symfony\Component\HttpFoundation\Response;
+
+/**
+ * Integration tests for the BlacklistController.
+ */
+class BlacklistControllerTest extends AbstractTestController
+{
+    public function testControllerIsAvailableViaContainer(): void
+    {
+        self::assertInstanceOf(
+            BlacklistController::class,
+            self::getContainer()->get(BlacklistController::class)
+        );
+    }
+
+    public function testCheckEmailBlacklistedWithoutSessionKeyReturnsForbiddenStatus(): void
+    {
+        $this->jsonRequest('get', '/api/v2/blacklist/check/[email protected]');
+
+        $this->assertHttpForbidden();
+    }
+
+    public function testAddEmailToBlacklistWithoutSessionKeyReturnsForbiddenStatus(): void
+    {
+        $this->jsonRequest('post', '/api/v2/blacklist/add');
+
+        $this->assertHttpForbidden();
+    }
+
+    public function testAddEmailToBlacklistWithMissingEmailReturnsUnprocessableEntityStatus(): void
+    {
+        $jsonData = [];
+
+        $this->authenticatedJsonRequest('post', '/api/v2/blacklist/add', [], [], [], json_encode($jsonData));
+
+        $this->assertHttpUnprocessableEntity();
+    }
+
+    public function testRemoveEmailFromBlacklistWithoutSessionKeyReturnsForbiddenStatus(): void
+    {
+        $this->jsonRequest('delete', '/api/v2/blacklist/remove/[email protected]');
+
+        $this->assertHttpForbidden();
+    }
+
+    public function testGetBlacklistInfoWithoutSessionKeyReturnsForbiddenStatus(): void
+    {
+        $this->jsonRequest('get', '/api/v2/blacklist/info/[email protected]');
+
+        $this->assertHttpForbidden();
+    }
+}