Introduce new config setting to set a contact email address (#17916)

* Introduce new config setting to set a contact email address

to use instead of all super user email addresses

* fix test

* apply review feedback

* updates expected UI tests

16 files changed, 47 insertions, 23 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2502b12e2e..4e3b755d28 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,10 @@ The Product Changelog at **[matomo.org/changelog](https://matomo.org/changelog)*
 * When the Ecommerce feature is disabled for a site, then the Live API no longer returns the Ecommerce related visitor properties `totalEcommerceRevenue`, `totalEcommerceConversions`, `totalEcommerceItems`,  `totalAbandonedCartsRevenue`, `totalAbandonedCarts` and `totalAbandonedCartsItems`.
 * Content Security Policy (added in Matomo 4.4.0) is no longer in Report Only mode by default. 
 
+### New config.ini.php settings
+
+* The config setting `contact_email_address` in `General` has been added. It will be used as contact email address for users. If not defined (default) all email addresses of all super users will be used instead, which equals the behavior it used to be.
+
 ## Matomo 4.4.0
 
 ### Breaking Changes
diff --git a/config/global.ini.php b/config/global.ini.php
index e49a2c2fc0..c73d0ce372 100755
--- a/config/global.ini.php
+++ b/config/global.ini.php
@@ -532,6 +532,10 @@ noreply_email_address = "noreply@{DOMAIN}"
 ; standard email name displayed when sending emails. If not set, a default name will be used.
 noreply_email_name = ""
 
+; email address to use when an administrator should be contacted. If not set, email addresses of all super users will be used instead.
+; To use multiple addresses simply concatenate them with a ','
+contact_email_address = ""
+
 ; set to 0 to disable sending of all emails. useful for testing.
 emails_enabled = 1
 
diff --git a/core/Piwik.php b/core/Piwik.php
index 52341ccfdd..cdcf3e196f 100644
--- a/core/Piwik.php
+++ b/core/Piwik.php
@@ -180,6 +180,23 @@ class Piwik
     }
 
     /**
+     * Returns the email addresses configured as contact. If none is configured the mail addresses of all super users will be returned instead.
+     *
+     * @return array
+     */
+    public static function getContactEmailAddresses(): array
+    {
+        $contactAddresses = trim(Config::getInstance()->General['contact_email_address']);
+
+        if (empty($contactAddresses)) {
+            return self::getAllSuperUserAccessEmailAddresses();
+        }
+
+        $contactAddresses = explode(',', $contactAddresses);
+        return array_map('trim', $contactAddresses);
+    }
+
+    /**
      * Get a list of all email addresses having Super User access.
      *
      * @return array
diff --git a/core/Plugin/Controller.php b/core/Plugin/Controller.php
index 6317326265..fe4d986238 100644
--- a/core/Plugin/Controller.php
+++ b/core/Plugin/Controller.php
@@ -726,6 +726,9 @@ abstract class Controller
         $view->hasSuperUserAccess = Piwik::hasUserSuperUserAccess();
 
         if (!Piwik::isUserIsAnonymous()) {
+            $view->contactEmail = implode(',', Piwik::getContactEmailAddresses());
+
+            // for BC only. Use contactEmail instead
             $view->emailSuperUser = implode(',', Piwik::getAllSuperUserAccessEmailAddresses());
         }
 
@@ -748,7 +751,7 @@ abstract class Controller
         $view->logoLarge = $customLogo->getLogoUrl();
         $view->logoSVG = $customLogo->getSVGLogoUrl();
         $view->hasSVGLogo = $customLogo->hasSVGLogo();
-        $view->superUserEmails = implode(',', Piwik::getAllSuperUserAccessEmailAddresses());
+        $view->contactEmail = implode(',', Piwik::getContactEmailAddresses());
         $view->themeStyles = ThemeStyles::get();
 
         $general = PiwikConfig::getInstance()->General;
@@ -839,7 +842,7 @@ abstract class Controller
 
             $emailSubject = rawurlencode(Piwik::translate('CoreHome_InjectedHostEmailSubject', $invalidHost));
             $emailBody = rawurlencode(Piwik::translate('CoreHome_InjectedHostEmailBody'));
-            $superUserEmail = implode(',', Piwik::getAllSuperUserAccessEmailAddresses());
+            $superUserEmail = implode(',', Piwik::getContactEmailAddresses());
 
             $mailToUrl = "mailto:$superUserEmail?subject=$emailSubject&body=$emailBody";
             $mailLinkStart = "<a href=\"$mailToUrl\">";
@@ -972,7 +975,7 @@ abstract class Controller
 
         if (!Piwik::isUserIsAnonymous()) {
             $currentLogin = Piwik::getCurrentUserLogin();
-            $emails = implode(',', Piwik::getAllSuperUserAccessEmailAddresses());
+            $emails = implode(',', Piwik::getContactEmailAddresses());
             $errorMessage  = sprintf(Piwik::translate('CoreHome_NoPrivilegesAskPiwikAdmin'), $currentLogin, "<br/><a href='mailto:" . $emails . "?subject=Access to Matomo for user $currentLogin'>", "</a>");
             $errorMessage .= "<br /><br />&nbsp;&nbsp;&nbsp;<b><a href='index.php?module=" . Piwik::getLoginPluginName() . "&amp;action=logout'>&rsaquo; " . Piwik::translate('General_Logout') . "</a></b><br />";
 
diff --git a/plugins/CoreHome/templates/_headerMessage.twig b/plugins/CoreHome/templates/_headerMessage.twig
index 91b852078c..8fb6ec2e9e 100644
--- a/plugins/CoreHome/templates/_headerMessage.twig
+++ b/plugins/CoreHome/templates/_headerMessage.twig
@@ -50,7 +50,7 @@
             <br />
         {% elseif latest_version_available and not isPiwikDemo and hasSomeViewAccess and not isUserIsAnonymous %}
             {% set updateSubject = 'General_NewUpdatePiwikX'|translate(latest_version_available)|e('url') %}
-            {{ 'General_PiwikXIsAvailablePleaseNotifyPiwikAdmin'|translate("<a target='_blank' rel='noreferrer noopener' href='https://matomo.org/'>Matomo</a> <a target='_blank' rel='noreferrer noopener' href='https://matomo.org/changelog/'>" ~ latest_version_available ~ "</a>", "<a href='mailto:" ~ superUserEmails ~ "?subject=" ~ updateSubject ~ "'>", "</a>")|raw }}
+            {{ 'General_PiwikXIsAvailablePleaseNotifyPiwikAdmin'|translate("<a target='_blank' rel='noreferrer noopener' href='https://matomo.org/'>Matomo</a> <a target='_blank' rel='noreferrer noopener' href='https://matomo.org/changelog/'>" ~ latest_version_available ~ "</a>", "<a href='mailto:" ~ contactEmail|e('url') ~ "?subject=" ~ updateSubject ~ "'>", "</a>")|raw }}
             <br />
         {% endif %}
 
diff --git a/plugins/CoreHome/templates/_indexContent.twig b/plugins/CoreHome/templates/_indexContent.twig
index 34ec6d0d7f..27edc9b758 100644
--- a/plugins/CoreHome/templates/_indexContent.twig
+++ b/plugins/CoreHome/templates/_indexContent.twig
@@ -7,7 +7,7 @@
         {{ postEvent("Template.nextToCalendar") }}
         {% render dashboardSettingsControl %}
         {% include "@CoreHome/_headerMessage.twig" %}
-        {{ ajax.requestErrorDiv(emailSuperUser|default(''), false, '', showMoreFaqInfo) }}
+        {{ ajax.requestErrorDiv(contactEmail|default(''), false, '', showMoreFaqInfo) }}
     </div>
 
     {{ ajax.loadingDiv() }}
diff --git a/plugins/CoreHome/templates/getDefaultIndexView.twig b/plugins/CoreHome/templates/getDefaultIndexView.twig
index 8d61b91b96..db399dbaa9 100644
--- a/plugins/CoreHome/templates/getDefaultIndexView.twig
+++ b/plugins/CoreHome/templates/getDefaultIndexView.twig
@@ -10,7 +10,7 @@
 {% endblock %}
 
 {% block content %}
-    {{ ajax.requestErrorDiv(emailSuperUser|default(''), areAdsForProfessionalServicesEnabled, currentModule, showMoreFaqInfo) }}
+    {{ ajax.requestErrorDiv(contactEmail|default(''), areAdsForProfessionalServicesEnabled, currentModule, showMoreFaqInfo) }}
     {{ ajax.loadingDiv() }}
 
     <div id="content" class="home">
diff --git a/plugins/CorePluginsAdmin/Controller.php b/plugins/CorePluginsAdmin/Controller.php
index bba70fd980..79099f6bb6 100644
--- a/plugins/CorePluginsAdmin/Controller.php
+++ b/plugins/CorePluginsAdmin/Controller.php
@@ -168,12 +168,9 @@ class Controller extends Plugin\ControllerAdmin
             $nonce = Nonce::getNonce(static::ACTIVATE_NONCE);
         }
 
-        $superUsers = Request::processRequest('UsersManager.getUsersHavingSuperUserAccess', [], []);
-        $emails = implode(',', array_column($superUsers, 'email'));
-
         $view = new View('@CorePluginsAdmin/tagManagerTeaser');
         $this->setGeneralVariablesView($view);
-        $view->superUserEmails = $emails;
+        $view->contactEmail = implode(',', Piwik::getContactEmailAddresses());
         $view->nonce = $nonce;
         return $view->render();
     }
@@ -403,7 +400,7 @@ class Controller extends Plugin\ControllerAdmin
         $view->deactivateNonce = Nonce::getNonce(static::DEACTIVATE_NONCE);
         $view->deactivateIAmSuperUserSalt = Common::getRequestVar('i_am_super_user', '', 'string');
         $view->uninstallNonce  = Nonce::getNonce(static::UNINSTALL_NONCE);
-        $view->emailSuperUser  = implode(',', Piwik::getAllSuperUserAccessEmailAddresses());
+        $view->contactEmail  = implode(',', Piwik::getContactEmailAddresses());
         $view->piwikVersion    = Version::VERSION;
         $view->showVersion     = !Common::getRequestVar('tests_hide_piwik_version', 0);
         $view->pluginCausesIssue = '';
diff --git a/plugins/CorePluginsAdmin/templates/safemode.twig b/plugins/CorePluginsAdmin/templates/safemode.twig
index 87853af664..622a35d5e1 100644
--- a/plugins/CorePluginsAdmin/templates/safemode.twig
+++ b/plugins/CorePluginsAdmin/templates/safemode.twig
@@ -128,7 +128,7 @@
         {% else %}
             <p>
                 If this error continues to happen you may want to send an
-                <a href="mailto:{{ emailSuperUser }}?subject={{ 'Fatal error in Matomo ' ~ piwikVersion|e('url') }}&body={{ lastError.message|e('url') }}%20in%20{{ lastError.file|e('url') }}%20{{ lastError.line|e('url') }}%20using%20PHP%20{{ constant('PHP_VERSION') }}">error report</a>
+                <a href="mailto:{{ contactEmail|e('url') }}?subject={{ 'Fatal error in Matomo ' ~ piwikVersion|e('url') }}&body={{ lastError.message|e('url') }}%20in%20{{ lastError.file|e('url') }}%20{{ lastError.line|e('url') }}%20using%20PHP%20{{ constant('PHP_VERSION') }}">error report</a>
                 to your system administrator.
             </p>
         {% endif %}
diff --git a/plugins/CorePluginsAdmin/templates/tagManagerTeaser.twig b/plugins/CorePluginsAdmin/templates/tagManagerTeaser.twig
index 1aa9f62a85..f1d87a4efa 100644
--- a/plugins/CorePluginsAdmin/templates/tagManagerTeaser.twig
+++ b/plugins/CorePluginsAdmin/templates/tagManagerTeaser.twig
@@ -19,7 +19,7 @@
                     <a href="{{ linkTo({'module': 'CorePluginsAdmin', 'action': 'activate', 'nonce': nonce, 'pluginName': 'TagManager', 'redirectTo': 'tagmanager'}) }}"
                        class="btn activateTagManagerPlugin"><span class="icon-rocket"></span> {{ 'CorePluginsAdmin_ActivateTagManagerNow'|translate }} <span class="icon-rocket"></span></a>
                 {% else %}
-                    <a href="mailto:{{ superUserEmails|e('url') }}?subject={{ 'CorePluginsAdmin_TagManagerNowAvailableTitle'|translate|e('url') }}&body={{ 'CorePluginsAdmin_TagManagerTeaserEmailSuperUserBody'|translate("\n\n", "\n\n", piwikUrl, "\n\n")|e('url') }}"
+                    <a href="mailto:{{ contactEmail|e('url') }}?subject={{ 'CorePluginsAdmin_TagManagerNowAvailableTitle'|translate|e('url') }}&body={{ 'CorePluginsAdmin_TagManagerTeaserEmailSuperUserBody'|translate("\n\n", "\n\n", piwikUrl, "\n\n")|e('url') }}"
                        class="btn activateTagManagerPlugin"><span class="icon-rocket"></span> {{ 'CorePluginsAdmin_TagManagerEmailSuperUserToActivate'|translate }} <span class="icon-rocket"></span></a>
                 {% endif %}
 
diff --git a/plugins/Morpheus/templates/admin.twig b/plugins/Morpheus/templates/admin.twig
index 02167cdde6..f09bf4aaa4 100644
--- a/plugins/Morpheus/templates/admin.twig
+++ b/plugins/Morpheus/templates/admin.twig
@@ -27,7 +27,7 @@
     </div>
 
     {% import 'ajaxMacros.twig' as ajax %}
-    {{ ajax.requestErrorDiv(emailSuperUser|default(''), areAdsForProfessionalServicesEnabled, currentModule, showMoreFaqInfo) }}
+    {{ ajax.requestErrorDiv(contactEmail|default(''), areAdsForProfessionalServicesEnabled, currentModule, showMoreFaqInfo) }}
     {{ postEvent("Template.beforeContent", "admin", currentModule, currentAction) }}
 
     <div class="page">
diff --git a/plugins/Morpheus/templates/ajaxMacros.twig b/plugins/Morpheus/templates/ajaxMacros.twig
index 79eda2d30d..61c01fe25c 100644
--- a/plugins/Morpheus/templates/ajaxMacros.twig
+++ b/plugins/Morpheus/templates/ajaxMacros.twig
@@ -13,12 +13,12 @@
 </div>
 {% endmacro %}
 
-{% macro requestErrorDiv(emailSuperUser, areAdsForProfessionalServicesEnabled = false, currentModule = '', showMoreHelp = false) %}
+{% macro requestErrorDiv(contactEmail, areAdsForProfessionalServicesEnabled = false, currentModule = '', showMoreHelp = false) %}
     <div id="loadingError">
         <div class="alert alert-danger">
 
-            {% if emailSuperUser is defined and emailSuperUser %}
-                {{ 'General_ErrorRequest'|translate('<a href="mailto:' ~ emailSuperUser ~ '">', '</a>')|raw }}
+            {% if contactEmail is defined and contactEmail %}
+                {{ 'General_ErrorRequest'|translate('<a href="mailto:' ~ contactEmail|e('url') ~ '">', '</a>')|raw }}
             {% else %}
                 {{ 'General_ErrorRequest'|translate('', '') }}
             {% endif %}
diff --git a/plugins/TwoFactorAuth/Controller.php b/plugins/TwoFactorAuth/Controller.php
index e7936b5202..3ff82ac44c 100644
--- a/plugins/TwoFactorAuth/Controller.php
+++ b/plugins/TwoFactorAuth/Controller.php
@@ -109,8 +109,7 @@ class Controller extends \Piwik\Plugin\Controller
                 }
             }
         }
-        $superUsers = Request::processRequest('UsersManager.getUsersHavingSuperUserAccess', [], []);
-        $view->superUserEmails = implode(',', array_column($superUsers, 'email'));
+        $view->contactEmail = implode(',', Piwik::getContactEmailAddresses());
         $view->loginModule = Piwik::getLoginPluginName();
         $view->AccessErrorString = $messageNoAccess;
         $view->addForm($form);
diff --git a/plugins/TwoFactorAuth/templates/loginTwoFactorAuth.twig b/plugins/TwoFactorAuth/templates/loginTwoFactorAuth.twig
index 7169f5dbf1..0f18a0dfd2 100644
--- a/plugins/TwoFactorAuth/templates/loginTwoFactorAuth.twig
+++ b/plugins/TwoFactorAuth/templates/loginTwoFactorAuth.twig
@@ -46,7 +46,7 @@
             <br />
                 <a href="https://matomo.org/faq/how-to/faq_27248" rel="noreferrer noopener">{{ 'TwoFactorAuth_EnterRecoveryCodeInstead'|translate }}</a>
                 <br />
-                <a href="mailto:{{ superUserEmails|e('url') }}?subject={{ 'TwoFactorAuth_NotPossibleToLogIn'|translate|e('url') }}&body={{ 'TwoFactorAuth_LostAuthenticationDevice'|translate("\n\n", "\n\n", piwikUrl|default(''), "\n\n", userLogin, "https://matomo.org/faq/how-to/faq_27248")|e('url') }}" rel="noreferrer noopener">{{ 'TwoFactorAuth_AskSuperUserResetAuthenticationCode'|translate }}</a>
+                <a href="mailto:{{ contactEmail|e('url') }}?subject={{ 'TwoFactorAuth_NotPossibleToLogIn'|translate|e('url') }}&body={{ 'TwoFactorAuth_LostAuthenticationDevice'|translate("\n\n", "\n\n", piwikUrl|default(''), "\n\n", userLogin, "https://matomo.org/faq/how-to/faq_27248")|e('url') }}" rel="noreferrer noopener">{{ 'TwoFactorAuth_AskSuperUserResetAuthenticationCode'|translate }}</a>
                 <br />
                 <a href="{{ linkTo({'module': loginModule, 'action': 'logout'}) }}" rel="noreferrer noopener">{{ 'General_Logout'|translate }}</a>
             </p>
diff --git a/tests/PHPUnit/Integration/FrontControllerTest.php b/tests/PHPUnit/Integration/FrontControllerTest.php
index b780bb7bfe..27b254e451 100644
--- a/tests/PHPUnit/Integration/FrontControllerTest.php
+++ b/tests/PHPUnit/Integration/FrontControllerTest.php
@@ -48,7 +48,7 @@ FORMAT;
         $this->assertEquals('error', $response['result']);
 
         $expectedFormat = <<<FORMAT
-test message on {includePath}/tests/resources/trigger-fatal-exception.php(23) #0 [internal function]: {closure}('CoreHome', 'index', Array) #1 {includePath}/core/EventDispatcher.php(141): call_user_func_array(Object(Closure), Array) #2 {includePath}/core/Piwik.php(809): Piwik\EventDispatcher-&gt;postEvent('Request.dispatc...', Array, false, Array) #3 {includePath}/core/FrontController.php(599): Piwik\Piwik::postEvent('Request.dispatc...', Array) #4 {includePath}/core/FrontController.php(168): Piwik\FrontController-&gt;doDispatch('CoreHome', 'index', Array) #5 {includePath}/tests/resources/trigger-fatal-exception.php(31): Piwik\FrontController-&gt;dispatch('CoreHome', 'index') #6 {main}
+test message on {includePath}/tests/resources/trigger-fatal-exception.php(23) #0 [internal function]: {closure}('CoreHome', 'index', Array) #1 {includePath}/core/EventDispatcher.php(141): call_user_func_array(Object(Closure), Array) #2 {includePath}/core/Piwik.php(826): Piwik\EventDispatcher-&gt;postEvent('Request.dispatc...', Array, false, Array) #3 {includePath}/core/FrontController.php(599): Piwik\Piwik::postEvent('Request.dispatc...', Array) #4 {includePath}/core/FrontController.php(168): Piwik\FrontController-&gt;doDispatch('CoreHome', 'index', Array) #5 {includePath}/tests/resources/trigger-fatal-exception.php(31): Piwik\FrontController-&gt;dispatch('CoreHome', 'index') #6 {main}
 FORMAT;
         $this->assertStringMatchesFormat($expectedFormat, $response['message']);
     }
diff --git a/tests/UI/expected-screenshots/UIIntegrationTest_admin_diagnostics_configfile.png b/tests/UI/expected-screenshots/UIIntegrationTest_admin_diagnostics_configfile.png
index a9c91b5271..d8a5b970ed 100644
--- a/tests/UI/expected-screenshots/UIIntegrationTest_admin_diagnostics_configfile.png
+++ b/tests/UI/expected-screenshots/UIIntegrationTest_admin_diagnostics_configfile.png
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ab810f992ef914a0e21b7646b44136383781a87239aa75eb0aaf9cfdcc297daf
-size 5268855
+oid sha256:cca60cf4af3b6b47a15f0a69002a0b4b3430bf63d02437c67a3e8901d117ef49
+size 5285620