trabajo-afectivo/app/controllers/form_controller.rb

# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/

class FormController < ApplicationController

  def config
    return if !enabled?

    api_path  = Rails.configuration.api_path
    http_type = Setting.get('http_type')
    fqdn      = Setting.get('fqdn')

    endpoint = "#{http_type}://#{fqdn}#{api_path}/form_submit"

    config = {
      enabled:  Setting.get('form_ticket_create'),
      endpoint: endpoint,
    }

    if params[:test] && current_user && current_user.permissions?('admin.channel_formular')
      config[:enabled] = true
    end

    render json: config, status: :ok
  end

  def submit
    return if !enabled?

    # validate input
    errors = {}
    if !params[:name] || params[:name].empty?
      errors['name'] = 'required'
    end
    if !params[:email] || params[:email].empty?
      errors['email'] = 'required'
    end
    if params[:email] !~ /@/
      errors['email'] = 'invalid'
    end
    if params[:email] =~ /(>|<|\||\!|"|§|'|\$|%|&|\(|\)|\?|\s)/
      errors['email'] = 'invalid'
    end
    if !params[:title] || params[:title].empty?
      errors['title'] = 'required'
    end
    if !params[:body] || params[:body].empty?
      errors['body'] = 'required'
    end

    # realtime verify
    if !errors['email']
      begin
        checker = EmailVerifier::Checker.new(params[:email])
        checker.connect
        if !checker.verify
          errors['email'] = "Unable to send to '#{params[:email]}'"
        end
      rescue => e
        message = e.to_s
        Rails.logger.info "Can't verify email #{params[:email]}: #{message}"

        # ignore 450, graylistings
        if message !~ /450/
          errors['email'] = message
        end
      end
    end

    if errors && !errors.empty?
      render json: {
        errors: errors
      }, status: :ok
      return
    end

    name = params[:name].strip
    email = params[:email].strip.downcase

    customer = User.find_by(email: email)
    if !customer
      role_ids = Role.signup_role_ids
      customer = User.create(
        firstname: name,
        lastname: '',
        email: email,
        password: '',
        active: true,
        role_ids: role_ids,
        updated_by_id: 1,
        created_by_id: 1,
      )
    end

    # set current user
    UserInfo.current_user_id = customer.id

    ticket = Ticket.create(
      group_id: 1,
      customer_id: customer.id,
      title: params[:title],
      state_id: Ticket::State.find_by(name: 'new').id,
      priority_id: Ticket::Priority.find_by(name: '2 normal').id,
    )
    article = Ticket::Article.create(
      ticket_id: ticket.id,
      type_id: Ticket::Article::Type.find_by(name: 'web').id,
      sender_id: Ticket::Article::Sender.find_by(name: 'Customer').id,
      body: params[:body],
      subject: params[:title],
      internal: false,
    )

    UserInfo.current_user_id = 1

    result = {
      ticket: {
        id: ticket.id,
        number: ticket.number
      }
    }
    render json: result, status: :ok
  end

  private

  def enabled?
    return true if params[:test] && current_user && current_user.permissions?('admin.channel_formular')
    return true if Setting.get('form_ticket_create')
    response_access_deny
    false
  end

end
Init form feature. 2015-08-10 00:10:41 +00:00			`# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/`

			`class FormController < ApplicationController`

			`def config`
			`return if !enabled?`

			`api_path = Rails.configuration.api_path`
			`http_type = Setting.get('http_type')`
			`fqdn = Setting.get('fqdn')`

			`endpoint = "#{http_type}://#{fqdn}#{api_path}/form_submit"`

			`config = {`
			`enabled: Setting.get('form_ticket_create'),`
			`endpoint: endpoint,`
			`}`

Added support for admin form preview also for admins if feature is disabled. 2016-10-06 19:01:48 +00:00			`if params[:test] && current_user && current_user.permissions?('admin.channel_formular')`
			`config[:enabled] = true`
			`end`

Init form feature. 2015-08-10 00:10:41 +00:00			`render json: config, status: :ok`
			`end`

			`def submit`
			`return if !enabled?`

			`# validate input`
			`errors = {}`
			`if !params[:name] \|\| params[:name].empty?`
			`errors['name'] = 'required'`
			`end`
			`if !params[:email] \|\| params[:email].empty?`
			`errors['email'] = 'required'`
			`end`
			`if params[:email] !~ /@/`
			`errors['email'] = 'invalid'`
			`end`
Improved validation (ignore 450, graylistings). 2016-02-01 10:28:44 +00:00			`if params[:email] =~ /(>\|<\|\\|\|\!\|"\|§\|'\|\$\|%\|&\|\(\|\)\|\?\|\s)/`
Small improvements. 2015-08-10 12:08:06 +00:00			`errors['email'] = 'invalid'`
			`end`
Second version of forms. 2015-08-10 08:56:55 +00:00			`if !params[:title] \|\| params[:title].empty?`
			`errors['title'] = 'required'`
			`end`
Init form feature. 2015-08-10 00:10:41 +00:00			`if !params[:body] \|\| params[:body].empty?`
			`errors['body'] = 'required'`
			`end`

Added form browser tests and form email validation. 2016-02-01 09:23:55 +00:00			`# realtime verify`
			`if !errors['email']`
			`begin`
			`checker = EmailVerifier::Checker.new(params[:email])`
			`checker.connect`
			`if !checker.verify`
			`errors['email'] = "Unable to send to '#{params[:email]}'"`
			`end`
			`rescue => e`
Improved validation (ignore 450, graylistings). 2016-02-01 10:28:44 +00:00			`message = e.to_s`
			`Rails.logger.info "Can't verify email #{params[:email]}: #{message}"`

			`# ignore 450, graylistings`
			`if message !~ /450/`
			`errors['email'] = message`
			`end`
Added form browser tests and form email validation. 2016-02-01 09:23:55 +00:00			`end`
			`end`

Init form feature. 2015-08-10 00:10:41 +00:00			`if errors && !errors.empty?`
			`render json: {`
			`errors: errors`
			`}, status: :ok`
			`return`
			`end`

			`name = params[:name].strip`
			`email = params[:email].strip.downcase`

			`customer = User.find_by(email: email)`
			`if !customer`
Moved from to new permission management. 2016-08-12 16:39:09 +00:00			`role_ids = Role.signup_role_ids`
Init form feature. 2015-08-10 00:10:41 +00:00			`customer = User.create(`
			`firstname: name,`
			`lastname: '',`
			`email: email,`
			`password: '',`
			`active: true,`
Moved from to new permission management. 2016-08-12 16:39:09 +00:00			`role_ids: role_ids,`
Init form feature. 2015-08-10 00:10:41 +00:00			`updated_by_id: 1,`
			`created_by_id: 1,`
			`)`
			`end`

Added preview do admin interface for form config. 2016-10-06 16:56:10 +00:00			`# set current user`
			`UserInfo.current_user_id = customer.id`

Init form feature. 2015-08-10 00:10:41 +00:00			`ticket = Ticket.create(`
			`group_id: 1,`
			`customer_id: customer.id,`
Second version of forms. 2015-08-10 08:56:55 +00:00			`title: params[:title],`
Added form browser tests and form email validation. 2016-02-01 09:23:55 +00:00			`state_id: Ticket::State.find_by(name: 'new').id,`
			`priority_id: Ticket::Priority.find_by(name: '2 normal').id,`
Init form feature. 2015-08-10 00:10:41 +00:00			`)`
			`article = Ticket::Article.create(`
			`ticket_id: ticket.id,`
Added form browser tests and form email validation. 2016-02-01 09:23:55 +00:00			`type_id: Ticket::Article::Type.find_by(name: 'web').id,`
			`sender_id: Ticket::Article::Sender.find_by(name: 'Customer').id,`
Init form feature. 2015-08-10 00:10:41 +00:00			`body: params[:body],`
Second version of forms. 2015-08-10 08:56:55 +00:00			`subject: params[:title],`
Init form feature. 2015-08-10 00:10:41 +00:00			`internal: false,`
			`)`

Added preview do admin interface for form config. 2016-10-06 16:56:10 +00:00			`UserInfo.current_user_id = 1`

Return ticket data on form submission (#584) Form controller will return ticket id and number on success, so this data can be displayed on the calling page. 2017-01-09 12:45:22 +00:00			`result = {`
			`ticket: {`
			`id: ticket.id,`
			`number: ticket.number`
			`}`
			`}`
Init form feature. 2015-08-10 00:10:41 +00:00			`render json: result, status: :ok`
			`end`

			`private`

			`def enabled?`
Added support for admin form preview also for admins if feature is disabled. 2016-10-06 19:01:48 +00:00			`return true if params[:test] && current_user && current_user.permissions?('admin.channel_formular')`
Init form feature. 2015-08-10 00:10:41 +00:00			`return true if Setting.get('form_ticket_create')`
			`response_access_deny`
			`false`
			`end`

			`end`