
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
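class FormController < ApplicationController
  # Public endpoint used by the embedded web form: CSRF protection is
  # skipped and CORS headers are added so it can be called cross-origin.
  skip_before_action :verify_csrf_token
  before_action :cors_preflight_check_execute
  after_action :set_access_control_headers_execute

  # Characters that are never accepted inside the submitted e-mail address.
  EMAIL_FORBIDDEN_CHARS = /(>|<|\||\!|"|§|'|\$|%|&|\(|\)|\?|\s)/

  # Tells the embedded form whether ticket creation is enabled and which
  # URL to POST submissions to.
  #
  # Renders `{ enabled:, endpoint: }` as JSON, or the access-denied response
  # (via `enabled?`) when the form is switched off for this caller.
  def config
    return unless enabled?

    api_path  = Rails.configuration.api_path
    http_type = Setting.get('http_type')
    fqdn      = Setting.get('fqdn')

    config = {
      enabled:  Setting.get('form_ticket_create'),
      endpoint: "#{http_type}://#{fqdn}#{api_path}/form_submit",
    }
    # A form admin may try the form even while it is disabled for the public.
    config[:enabled] = true if admin_test_mode?

    render json: config, status: :ok
  end

  # Creates a ticket (and its first article, plus attachments) from a form
  # submission.
  #
  # Validation failures are reported with HTTP 200 and an `errors` hash
  # (field name => 'required' | 'invalid' | verifier message); clients tell
  # success and failure apart by the presence of that key, not by status.
  # On success renders `{ ticket: { id:, number: } }`.
  def submit
    return unless enabled?

    errors = validate_submit_params
    verify_email_deliverable(errors) unless errors['email']

    if errors.any?
      render json: { errors: errors }, status: :ok
      return
    end

    # Validation guarantees these are non-empty Strings.
    name  = params[:name].strip
    email = params[:email].strip.downcase
    customer = find_or_create_customer(name, email)

    # Attribute the ticket to the submitting customer. The reset to user 1
    # sits in `ensure` so that an exception half-way through cannot leave
    # UserInfo.current_user_id pointing at this customer afterwards.
    UserInfo.current_user_id = customer.id
    begin
      ticket, article = create_ticket_with_article(customer)
      store_attachments(article)
    ensure
      UserInfo.current_user_id = 1
    end

    render json: { ticket: { id: ticket.id, number: ticket.number } }, status: :ok
  end

  private

  # True if the form is enabled, or if a logged-in form admin is testing it.
  # Otherwise renders the access-denied response and returns false; callers
  # must then `return` without rendering anything else.
  def enabled?
    return true if admin_test_mode?
    return true if Setting.get('form_ticket_create')

    response_access_deny
    false
  end

  # True when a logged-in user with the form admin permission passed `test`.
  def admin_test_mode?
    params[:test] && current_user && current_user.permissions?('admin.channel_formular')
  end

  # Returns params[key] when it is a non-empty String, else nil. Anything
  # else (missing, empty, or an array/hash from a crafted request) counts as
  # absent, so it becomes a validation error instead of a NoMethodError
  # when `.strip` or a regexp is applied later.
  def string_param(key)
    value = params[key]
    (value.is_a?(String) && !value.empty?) ? value : nil
  end

  # Validates the mandatory fields and returns a hash of
  # field name => 'required' | 'invalid' (empty when everything is fine).
  def validate_submit_params
    errors = {}
    %i[name email title body].each do |field|
      errors[field.to_s] = 'required' unless string_param(field)
    end

    # Only check the format of an address that was actually supplied, so a
    # missing address is reported as 'required' rather than 'invalid'.
    if (email = string_param(:email))
      errors['email'] = 'invalid' if !email.include?('@') || email =~ EMAIL_FORBIDDEN_CHARS
    end
    errors
  end

  # Asks the e-mail verifier whether params[:email] is deliverable and
  # records a failure in +errors+. Verifier exceptions are logged; an SMTP
  # 450 (greylisting) is ignored because the address may still be valid.
  def verify_email_deliverable(errors)
    email = params[:email]
    checker = EmailVerifier::Checker.new(email)
    checker.connect
    errors['email'] = "Unable to send to '#{email}'" unless checker.verify
  rescue => e
    message = e.to_s
    Rails.logger.info "Can't verify email #{email}: #{message}"
    # NOTE(review): the raw verifier exception text is returned to the
    # client as the field error; consider mapping it to a fixed message.
    errors['email'] = message if message !~ /450/
  end

  # Looks the customer up by the normalised address or creates a new
  # customer with the sign-up roles. Both writes are attributed to user 1.
  def find_or_create_customer(name, email)
    User.find_by(email: email) || User.create(
      firstname:     name,
      lastname:      '',
      email:         email,
      password:      '',
      active:        true,
      role_ids:      Role.signup_role_ids,
      updated_by_id: 1,
      created_by_id: 1,
    )
  end

  # Creates the ticket in group 1 plus its first article: a customer-sent
  # 'web' article holding the submitted body. Uses `create`, not `create!`,
  # so model validation failures are not surfaced here. Returns
  # [ticket, article].
  def create_ticket_with_article(customer)
    ticket = Ticket.create(
      group_id:    1,
      customer_id: customer.id,
      title:       params[:title],
    )
    article = Ticket::Article.create(
      ticket_id: ticket.id,
      type_id:   Ticket::Article::Type.find_by(name: 'web').id,
      sender_id: Ticket::Article::Sender.find_by(name: 'Customer').id,
      body:      params[:body],
      subject:   params[:title],
      internal:  false,
    )
    [ticket, article]
  end

  # Attaches every uploaded file in params[:file] to +article+. The stored
  # MIME type is the one the client declared, not one derived from content.
  def store_attachments(article)
    return unless params[:file]

    params[:file].each do |file|
      Store.add(
        object:      'Ticket::Article',
        o_id:        article.id,
        data:        File.read(file.tempfile),
        filename:    file.original_filename,
        preferences: {
          'Mime-Type' => file.content_type,
        },
      )
    end
  end
end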