From 06ad789c29643e01e9f09bc900294d689b40a408 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Wed, 10 Oct 2018 18:43:13 +0200
Subject: [PATCH] OpenVPN client export, add list accounts (certificates) and associated users endpoint for https://github.com/opnsense/core/issues/2787 The legacy code populated a list of users and certificates, where the user only seems to be used to prefix some content and filter on server type, it seems more obvious to just export related certs for the requested server and show which users it connects to.
---
 .../OPNsense/OpenVPN/Api/ExportController.php | 46 +++++++++++++++++--
 1 file changed, 43 insertions(+), 3 deletions(-)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
index c1add7891..57729dbff 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
@@ -53,7 +53,21 @@ class ExportController extends ApiControllerBase
 }
 }
 }
+ }
+ /**
+ * find server by vpnid
+ * @param string $vpnid reference
+ * @return mixed|null
+ */
+ private function findServer($vpnid)
+ {
+ foreach ($this->servers() as $server) {
+ if ((string)$server->vpnid == $vpnid) {
+ return $server;
+ }
+ }
+ return null;
 }
 /**
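Review bot: The vpnid match in findServer uses loose `==` on two strings, so PHP compares numeric-looking values as numbers and a request value such as `01` or `1.0` would select the server whose vpnid is `1`. Because `$vpnid` arrives as the action's parameter, a strict comparison is the safer form: `if ((string)$server->vpnid === (string)$vpnid) {`. The docblock could also say what `mixed` stands for, e.g. `@return mixed|null server config node from servers(), or null when no vpnid matches`.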
@@ -78,12 +92,38 @@ class ExportController extends ApiControllerBase
 /**
 * list configured accounts
- * @param string $server handle
+ * @param string $vpnid server handle
 * @return array list of configured accounts
 */
- public function accountsAction($server)
+ public function accountsAction($vpnid)
 {
- return array();
+ $result = array();
+
+ $server = $this->findServer($vpnid);
+ if ($server !== null) {
+ // collect certificates for this server's ca
+ if (isset(Config::getInstance()->object()->cert)) {
+ foreach (Config::getInstance()->object()->cert as $cert) {
+ if (isset($cert->refid) && isset($cert->caref) && (string)$server->caref == $cert->caref) {
+ $result[(string)$cert->refid] = array(
+ "description" => (string)$cert->descr,
+ "users" => array()
+ );
+ }
+ }
+ }
+ // collect linked users
+ foreach (Config::getInstance()->object()->system->user as $user) {
+ if (isset($user->cert)) {
+ foreach ($user->cert as $cert) {
+ if (!empty($result[(string)$cert])) {
+ $result[(string)$cert]['users'][] = (string)$user->name;
+ }
+ }
+ }
+ }
+ }
+ return $result;
 }
 /**
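Review bot: The certificate filter in accountsAction keeps every cert whose caref equals the server's, which presumably includes the server's own certificate (and any revoked ones), since those are issued by the same CA. If this list feeds the export dialog, selecting that entry would package the server's identity into a client profile, so it is worth excluding it, e.g. by adding `&& (string)$cert->refid !== (string)$server->certref` to the condition (confirm the field name against the server config). The same condition compares `(string)$server->caref == $cert->caref` with only one side cast; `=== (string)$cert->caref` makes the comparison explicit. The response also maps certificates to usernames, so the endpoint's ACL entry, which is not visible in this patch, should require the same privilege as the export page.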