From 0e48b7cee8c46c5e41786b66d2a374958e51c82e Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 24 Mar 2014 13:08:04 -0500
Subject: [PATCH] email: Reject tickets from unregistered clients

---
 include/class.config.php              |  6 ++++
 include/class.ticket.php              | 41 +++++++++++++++------------
 include/staff/settings-emails.inc.php |  6 ++++
 3 files changed, 35 insertions(+), 18 deletions(-)

diff --git a/include/class.config.php b/include/class.config.php
index 5d9301cf8..03fe8891c 100644
--- a/include/class.config.php
+++ b/include/class.config.php
@@ -155,6 +155,7 @@ class OsticketConfig extends Config {
         'add_email_collabs' => true,
         'clients_only' => false,
         'client_registration' => 'closed',
+        'accept_unregistered_email' => true,
     );
 
     function OsticketConfig($section=null) {
@@ -548,6 +549,10 @@ class OsticketConfig extends Config {
         return ($this->get('use_email_priority'));
     }
 
+    function acceptUnregisteredEmail() {
+        return $this->get('accept_unregistered_email');
+    }
+
     function addCollabsViaEmail() {
         return ($this->get('add_email_collabs'));
     }
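Review bot: `acceptUnregisteredEmail()` has no comment saying what the flag gates or what its default is. A line such as `// True (the default) accepts emailed tickets from senders without a client account; false rejects them` above the function would make the permissive default explicit. The value is `true` from the defaults array but 1 or 0 once saved by the settings update further down, so callers should use it only in boolean context.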
@@ -960,6 +965,7 @@ class OsticketConfig extends Config {
             'enable_mail_polling'=>isset($vars['enable_mail_polling'])?1:0,
             'strip_quoted_reply'=>isset($vars['strip_quoted_reply'])?1:0,
             'use_email_priority'=>isset($vars['use_email_priority'])?1:0,
+            'accept_unregistered_email'=>isset($vars['accept_unregistered_email'])?1:0,
             'add_email_collabs'=>isset($vars['add_email_collabs'])?1:0,
             'reply_separator'=>$vars['reply_separator'],
          ));
diff --git a/include/class.ticket.php b/include/class.ticket.php
index bd05210c3..a69109204 100644
--- a/include/class.ticket.php
+++ b/include/class.ticket.php
@@ -2157,6 +2157,14 @@ class Ticket {
             };
         };
 
+        $reject_ticket = function($message) use (&$errors) {
+            $errors = array(
+                'errno' => 403,
+                'err' => 'This help desk is for use by authorized users only');
+            $ost->logWarning('Ticket Denied', $message);
+            return 0;
+        };
+
         // Create and verify the dynamic form entry for the new ticket
         $form = TicketForm::getNewInstance();
         // If submitting via email, ensure we have a subject and such
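Review bot: The `$reject_ticket` closure calls `$ost->logWarning(...)` but imports only `$errors`. A PHP closure does not see the enclosing function's variables unless they are listed in `use`, so `$ost` is undefined inside it and the call would end in a fatal error instead of returning 0. The opening line should read `$reject_ticket = function($message) use (&$errors, $ost) {`, assuming `$ost` is in scope in the enclosing method, which begins outside this hunk. The banned-email and filter-rejection hunks below now return through this closure, and so does the new unregistered-client check, so every denial path is affected and none would write its warning. The log title also changes from 'Ticket denied' to 'Ticket Denied', which matters to anything matching on the old title.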
@@ -2193,12 +2201,7 @@ class Ticket {
 
             //Make sure the email address is not banned
             if (TicketFilter::isBanned($vars['email'])) {
-                $errors = array(
-                        'errno' => 403,
-                        'err' => 'This help desk is for use by authorized
-                        users only');
-                $ost->logWarning('Ticket denied', 'Banned email - '.$vars['email']);
-                return 0;
+                return $reject_ticket('Banned email - '.$vars['email']);
             }
 
             //Make sure the open ticket limit hasn't been reached. (LOOP CONTROL)
@@ -2220,17 +2223,11 @@ class Ticket {
         //Init ticket filters...
         $ticket_filter = new TicketFilter($origin, $vars);
         // Make sure email contents should not be rejected
-        if($ticket_filter
+        if ($ticket_filter
                 && ($filter=$ticket_filter->shouldReject())) {
-            $errors = array(
-                    'errno' => 403,
-                    'err' => "This help desk is for use by authorized users
-                    only");
-            $ost->logWarning('Ticket denied',
-                    sprintf('Ticket rejected ( %s) by filter "%s"',
-                        $vars['email'], $filter->getName()));
-
-            return 0;
+            return $reject_ticket(
+                sprintf('Ticket rejected ( %s) by filter "%s"',
+                    $vars['email'], $filter->getName()));
         }
 
         $id=0;
@@ -2281,10 +2278,18 @@ class Ticket {
                         || !($user=User::fromVars($user_form->getClean())))
                     $errors['user'] = 'Incomplete client information';
             }
+
+            // Reject emails if not from registered clients (if configured)
+            if (!$cfg->acceptUnregisteredEmail() && !$user->getAccount()) {
+                return $reject_ticket(
+                    sprintf('Ticket rejected (%s) (unregistered client)',
+                        $vars['email']));
+            }
         }
 
-        //Any error above is fatal.
-        if($errors)  return 0;
+        // Any error above is fatal.
+        if ($errors)
+            return 0;
 
         # Some things will need to be unpacked back into the scope of this
         # function
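Review bot: The new check calls `$user->getAccount()` even when `$user` may not be an object. The lines just above record `$errors['user']` when the form is invalid or `User::fromVars()` fails, then fall through to the check, so with the setting off such a message would hit a fatal error rather than the `if ($errors) return 0;` below. Guarding it as `if ($user && !$cfg->acceptUnregisteredEmail() && !$user->getAccount()) {` keeps that path a clean rejection. The condition also does not test `$origin`, although the comment and the setting speak only of email. The enclosing block starts outside this hunk, so confirm it is limited to emailed tickets; the account lookup is presumably keyed on the sender address, so the restriction is only as strong as the mail path's verification of that address.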
diff --git a/include/staff/settings-emails.inc.php b/include/staff/settings-emails.inc.php
index b4c95d024..1d12a8e14 100644
--- a/include/staff/settings-emails.inc.php
+++ b/include/staff/settings-emails.inc.php
@@ -117,6 +117,12 @@ if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin() || !$config)
                 <i class="help-tip icon-question-sign" href="#use_email_priority"></i>
             </td>
         </tr>
+        <tr>
+            <td width="180">Accept Unregistered Email:</td>
+            <td><input type="checkbox" name="accept_unregistered_email" <?php
+    echo $config['accept_unregistered_email'] ? 'checked="checked"' : ''; ?>/>
+            Allow emailed tickets from clients without an account
+        </tr>
         <tr>
             <td width="180">Accept Email Collaborators:</td>
             <td><input type="checkbox" name="add_email_collabs" <?php
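Review bot: The added row never closes its second cell: `</tr>` follows the label text directly, so `</td>` is missing after `Allow emailed tickets from clients without an account`. Unlike the `use_email_priority` row above it, the row also has no help-tip, although this option decides who may open tickets by mail. A short tip stating that unchecking the box rejects mail from senders without an account would help administrators.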
-- 
GitLab