From fce9b1e490360b908a0a200ba2949a6f73b8a095 Mon Sep 17 00:00:00 2001
From: Marie PUPO JEAMMET <marie.jeammet@beta.gouv.fr>
Date: Fri, 16 May 2025 18:47:33 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B(dimail)=20fix=20broken=20auth=20wh?=
 =?UTF-8?q?ile=20resetting=20passwords?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Dimail client's "reset password" method was using basic auth while
dimail expects a token for this endpoint. Fixed it.
---
 src/backend/mailbox_manager/api/client/viewsets.py   |  3 +++
 .../mailboxes/test_api_mailboxes_reset_password.py   | 12 ++++++++++++
 src/backend/mailbox_manager/utils/dimail.py          |  2 +-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/backend/mailbox_manager/api/client/viewsets.py b/src/backend/mailbox_manager/api/client/viewsets.py
index 2eab329..3853937 100644
--- a/src/backend/mailbox_manager/api/client/viewsets.py
+++ b/src/backend/mailbox_manager/api/client/viewsets.py
@@ -249,6 +249,9 @@ class MailBoxViewSet(
 
     POST /api/<version>/mail-domains/<domain_slug>/mailboxes/<mailbox_id>/enable/
         Send a request to dimail to enable mailbox and change status of the mailbox in our DB
+
+    POST /api/<version>/mail-domains/<domain_slug>/mailboxes/<mailbox_id>/reset/
+        Send a request to mail-provider to reset password.
     """
 
     permission_classes = [permissions.MailBoxPermission]
diff --git a/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_reset_password.py b/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_reset_password.py
index 62b9d24..55aa910 100644
--- a/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_reset_password.py
+++ b/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_reset_password.py
@@ -124,6 +124,12 @@ def test_api_mailboxes__reset_password_admin_successful(role):
     client.force_login(access.user)
     dimail_url = settings.MAIL_PROVISIONING_API_URL
 
+    responses.add(
+        responses.GET,
+        f"{dimail_url}/token/",
+        body=dimail.TOKEN_OK,
+        status=200,
+    )
     responses.add(
         responses.POST,
         f"{dimail_url}/domains/{mail_domain.name}/mailboxes/{mailbox.local_part}/reset_password/",
@@ -169,6 +175,12 @@ def test_api_mailboxes__reset_password_connexion_failed():
     client.force_login(access.user)
 
     dimail_url = settings.MAIL_PROVISIONING_API_URL
+    responses.add(
+        responses.GET,
+        f"{dimail_url}/token/",
+        body=dimail.TOKEN_OK,
+        status=200,
+    )
     responses.add(
         responses.POST,
         f"{dimail_url}/domains/{mail_domain.name}/mailboxes/{mailbox.local_part}/reset_password/",
diff --git a/src/backend/mailbox_manager/utils/dimail.py b/src/backend/mailbox_manager/utils/dimail.py
index e22306d..14085da 100644
--- a/src/backend/mailbox_manager/utils/dimail.py
+++ b/src/backend/mailbox_manager/utils/dimail.py
@@ -616,7 +616,7 @@ class DimailAPIClient:
         try:
             response = session.post(
                 f"{self.API_URL}/domains/{mailbox.domain.name}/mailboxes/{mailbox.local_part}/reset_password/",
-                headers={"Authorization": f"Basic {self.API_CREDENTIALS}"},
+                headers=self.get_headers(),
                 verify=True,
                 timeout=self.API_TIMEOUT,
             )