From 06dee142121421c925c0e485bc9f9745db717c4d Mon Sep 17 00:00:00 2001
From: Axel Guckelsberger
Date: Tue, 4 Jan 2022 07:29:10 +0100
Subject: [PATCH] add rate limiting for test mails
---
 CHANGELOG-4.0.md | 2 +-
 config/packages/rate_limiter.yaml | 4 ++++
 src/system/MailerModule/Controller/ConfigController.php | 8 ++++++++
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG-4.0.md b/CHANGELOG-4.0.md
index 67498ece6d..42e09f0428 100644
--- a/CHANGELOG-4.0.md
+++ b/CHANGELOG-4.0.md
@@ -9,4 +9,4 @@
 - none yet
 - Features:
- - none yet
+ - [Mailer] Utilize rate limiter component for test email functionality.
diff --git a/config/packages/rate_limiter.yaml b/config/packages/rate_limiter.yaml
index 59c8c705e7..7db9a0f2da 100644
--- a/config/packages/rate_limiter.yaml
+++ b/config/packages/rate_limiter.yaml
@@ -4,3 +4,7 @@ framework:
 policy: 'fixed_window'
 limit: 20
 interval: '60 minutes'
+ test_mails:
+ policy: 'fixed_window'
+ limit: 5
+ interval: '30 minutes'
diff --git a/src/system/MailerModule/Controller/ConfigController.php b/src/system/MailerModule/Controller/ConfigController.php
index de1e575185..b2a80093ed 100644
--- a/src/system/MailerModule/Controller/ConfigController.php
+++ b/src/system/MailerModule/Controller/ConfigController.php
@@ -16,10 +16,12 @@
 use Psr\Log\LoggerInterface;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Exception\TooManyRequestsHttpException;
 use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
 use Symfony\Component\Mailer\MailerInterface;
 use Symfony\Component\Mime\Address;
 use Symfony\Component\Mime\Email;
+use Symfony\Component\RateLimiter\RateLimiterFactory;
 use Symfony\Component\Routing\Annotation\Route;
 use Zikula\Bundle\CoreBundle\Controller\AbstractController;
 use Zikula\Bundle\CoreBundle\Site\SiteDefinitionInterface;
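Review bot: In config/packages/rate_limiter.yaml the new `test_mails` limiter uses `policy: 'fixed_window'`, which resets the whole budget at each window edge, so a caller can spend five mails at the end of one window and five more right after it starts again. If the intent is "no more than 5 test mails in any 30 minutes", `policy: 'sliding_window'` expresses that with the same `limit` and `interval` keys. The limiter shown in the context lines above uses the same policy, so this may be a deliberate consistency choice; the enclosing `framework:` mapping starts outside the hunk.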
@@ -98,6 +100,7 @@ public function test(
 Request $request,
 VariableApiInterface $variableApi,
 MailerInterface $mailer,
+ RateLimiterFactory $testMailsLimiter,
 LoggerInterface $mailLogger, // $mailLogger var name auto-injects the mail channel handler
 SiteDefinitionInterface $site
 ): array {
@@ -105,6 +108,11 @@ public function test(
 $form->handleRequest($request);
 if ($form->isSubmitted() && $form->isValid()) {
 if ($form->get('test')->isClicked()) {
+ $limiter = $testMailsLimiter->create($request->getClientIp());
+ if (false === $limiter->consume(1)->isAccepted()) {
+ throw new TooManyRequestsHttpException();
+ }
+
 $formData = $form->getData();
 $html = in_array($formData['messageType'], ['html', 'multipart']) ? true : false;
 try {
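Review bot: The limiter key `$request->getClientIp()` in the second ConfigController hunk can be null, and `create(null)` then counts every such request against one shared bucket; behind a reverse proxy the value is also either the proxy's own address or, if forwarded headers are trusted too widely, something the client supplies. As test() looks like an authenticated admin action (its permission check is not visible in the hunk), keying on the current account's id, with the IP only as a fallback, would make the limit follow who is sending rather than where the request appears to come from. The rejection is also silent: `$mailLogger` is already injected, so a line such as `$mailLogger->warning('Test mail rate limit exceeded', ['ip' => $request->getClientIp()]);` before the throw would give operators something to alert on. The body of test() continues past the end of the hunk.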