radiant-mailer-extension 1.0.2 → 1.0.3

data/README.rdoc

@@ -2,7 +2,6 @@
 
 The Mailer extension enables form mail on a page.
 
-
 == Usage
 
 You can define email templates using pages parts (email, and/or email_html).
@@ -17,15 +16,21 @@ You configure the recipients and other Mailer settings in a "mailer" part:
 
 The following tags are available to help you build the form:
 
-  <r:mailer:form name=""> ... </r:mailer:form> 
-  <r:mailer:text name="" /> 
+  <r:mailer:form name=""> ... </r:mailer:form>
+  <r:mailer:text name="" />
+  <r:mailer:password name="" />
+  <r:mailer:reset name="" />
   <r:mailer:checkbox name="" />
   <r:mailer:radio name="" />
+  <r:mailer:file name="" />
   <r:mailer:radiogroup name=""> ... </r:mailer:radiogroup>
   <r:mailer:select name=""> ... </r:mailer:select>
   <r:mailer:date_select name=""/>
   <r:mailer:textarea name=""> ... </r:mailer:textarea>
   <r:mailer:option name="" />
+  <r:mailer:submit name="" />
+  <r:mailer:image name="" />
+  <r:mailer:submit_placeholder />
 
 When processing the form (in email and email_html), the following tags are 
 available:
@@ -42,11 +47,130 @@ Simple example of a form:
    <r:mailer:text name="name" /> <br/>
     Message:<br/>
    <r:mailer:textarea name="message" /> <br/>
-   <input type="submit" value="Send" />
+   <r:mailer:submit name="Send" />
+  </r:mailer:form>
+
+=== Required fields
+
+You can specify fields which must be populated or the form will be invalid and will redisplay the page with an error informing the user to populate those fields.
+
+Simple example of a required field:
+
+  <r:mailer:form>
+   ...
+    Name:<br/>
+   <r:mailer:text name="name" required="true"/> <br/>
+   ...
+   <r:mailer:submit name="Send" />
+  </r:mailer:form>
+
+Simple example of a required field with user-defined message:
+
+  <r:mailer:form>
+   ...
+    Name:<br/>
+   <r:mailer:text name="name" required="should not be blank"/> <br/>
+   ...
+   <r:mailer:submit name="Send" />
+  </r:mailer:form>
+
+You can also specify fields which must be validated 'as_email' (i.e. a@b.com).
+
+Simple example of a required field with email address validation:
+
+  <r:mailer:form>
+   ...
+    Reply-To:<br/>
+   <r:mailer:text name="reply_email" required="as_email"/> <br/>
+   ...
+   <r:mailer:submit name="Send" />
   </r:mailer:form>
 
+You can also specify fields which must be validated as defined regexp (i.e. /^\d{2}\.\d{2}\.\d{4}\$/ for date dd.mm.yyyy).
 
-== User-provided Configuration
+
+Simple example of a required field with regexp validation:
+
+  <r:mailer:form>
+   ...
+    Birthday:<br/>
+   <r:mailer:text name="birthday" required="/^\d{2}\.\d{2}\.\d{4}\$/"/> <br/>
+   ...
+   <r:mailer:submit name="Send" />
+  </r:mailer:form>
+
+Finally, you can put all field validations in the "mailer" part:
+
+  subject: From the website of Whatever
+  from: noreply@example.com
+  redirect_to: /contact/thank-you
+  recipients:
+    - one@one.com
+  required:
+    name: "true"
+    email: as_email
+    message: "true"
+
+The field names above are "name," "email," and "message." Note the quotation marks around true values. If you do your field validations this way, Mailer will ignore any validations you attempt through your radius tags. This method of validation keeps Mailer from adding hidden inputs to keep track of required fields. See the caveat below.
+
+
+=== Spam blocking
+
+You can specify which fields may not contain anything that looks like a link in the "mailer" part. For example:
+
+  subject: From the website of Whatever
+  from: noreply@example.com
+  redirect_to: /contact/thank-you
+  recipients:
+    - one@one.com
+  disallow_links:
+    - comments
+    - questions
+
+The comments and questions fields would throw an error if the user or a spam bot entered the following phrases: "www", "&amp;", "http:", "mailto:", "bcc:", "href", "multipart", "[url", or "Content-Type:".
+
+
+You can also include one field on your form that must be left blank. If anyone enters something in the field, the field throws an error. The tactic here is to hide the field from human readers, but to leave the field visible to spam bots. Here is how you would edit the "mailer" part to implement this:
+
+  subject: From the website of Whatever
+  from: noreply@example.com
+  redirect_to: /contact/thank-you
+  recipients:
+    - one@one.com
+  leave_blank: your_field_name
+
+"your_field_name" is the name of the field you want to hide. It is up to you to hide the field when you construct your form. I would recommend against using a traditional hidden input field. Use style="display:none" instead.
+
+
+=== File attachments
+
+In many cases it is desirable to limit the maximum size of a file that may be uploaded. This is set as the max_filesize attribute for mailers in the mailer page part. Any file included in the form will have the limit imposed. Following is a simple example mailer part that includes a file size limit of 100,000 bytes:
+
+  subject: From the website of Whatever
+  from: noreply@mydomain.com
+  redirect_to: /contact/thank-you
+  max_filesize: 100000
+  recipients:
+    - one@one.com
+    - two@two.com
+
+The following is a simple form that might be used to submit a file for the above configuration:
+
+  <r:mailer:form name="contact">
+      Type your message: <r:mailer:text name="themessage" /> <br/>
+      Select a file: <r:mailer:file name="thefile" /> <br/>
+      <r:mailer:submit value="submit"/>
+  </r:mailer:form>
+
+If a user does not select a file the other form contents will still be e-mailed. The <r:mailer:get name="foo" /> (with <r:mailer:file name="foo" />) will provide the uploaded file name.
+
+If you are using email or email_html parts then the <r:mailer:get name="" /> tag can be used to retrieve the name of the uploaded file. If no file was uploaded "" will be returned.
+
+=== Submit placeholder
+
+If you wish to show that activity is taking place during submission you may use the <r:mailer:submit_placeholder /> tag in your form. This will insert a hidden div with the contents of the submit_placeholder page part. The div will be displayed when the user clicks any submit button.
+
+=== User-provided Configuration
 
 Sometimes, rather than explicitly configuring the recipients and such in the mailer part, you'd rather have them passed in by the person submitting the form. Mailer supports this by allowing you to specify a form field to pull the value from:
 
@@ -56,7 +180,6 @@ Then you just have to add that field to your mailer form and you're all set.
 
 This is supported for the from (from_field), recipients (recipients_field) and reply_to (reply_to_field) properties.
 
-
 == Enabling action_mailer
 
 In environment.rb you'll probably need to change:
@@ -67,11 +190,19 @@ to:
 
   config.frameworks -= []
 
+== Updating from the older mailer extension
+
+If you get this error "The single-table inheritance mechanism failed to locate the subclass: 'MailerPage'.", run 'rake:radiant:extensions:mailer:migrate'. This will change all pages with a MailerPage classname into regular pages.
+  Second, your 'config' page part has to be renamed to 'mailer', and the first two YAML levels should be deleted (see instructions above).
+
+If you are getting a stack level too deep error, it may be caused by using <r:mailer:get /> in your 'mailer' part.
+Use the from_field or other options to get to the email adress that was posted (see User-provided configuration).
 
 == Caveats
 
 Relative urls will almost certainly not work if the mailer fails validation. Solution? Only use absolute urls.
 
+Unless you set up the field validations in the "mailer" part, validation will be implemented via easily spoofable HTML attributes. Think of them of more like guidelines in that case.
 
 == History
 
@@ -91,5 +222,4 @@ Seriously restructured by: Nathaniel Talbott - terralien.com
 
 == Todo
 
-* Support for file attachments to emails
 * Tests

data/app/controllers/mail_controller.rb

@@ -8,7 +8,6 @@ class MailController < ApplicationController
     @page.request, @page.response = request, response
 
     config, part_page = config_and_page(@page)
-
     mail = Mail.new(part_page, config, params[:mailer])
     @page.last_mail = part_page.last_mail = mail
     process_mail(mail, config)
@@ -34,4 +33,4 @@ class MailController < ApplicationController
     [(string.empty? ? {} : YAML::load(string).symbolize_keys), page]
   end
 
-end
+end

data/app/models/mail.rb

@@ -1,15 +1,32 @@
 class Mail
-  attr_reader :page, :config, :data, :errors
+  attr_reader :page, :config, :data, :leave_blank, :disallow_links, :errors
+
   def initialize(page, config, data)
     @page, @config, @data = page, config.with_indifferent_access, data
-    @required = @data.delete(:required)
+    @required = required_fields
+    @leave_blank = leave_blank_field
+    @disallow_links = disallow_link_fields
     @errors = {}
   end
 
   def self.valid_config?(config)
-    return false if config['recipients'].blank? and config['recipients_field'].blank?
-    return false if config['from'].blank? and config['from_field'].blank?
-    true
+    config_errors(config).empty?
+  end
+  
+  def self.config_errors(config)
+    config_errors = {}
+    %w(recipients from).each do |required_field|
+      if config[required_field].blank? and config["#{required_field}_field"].blank?
+        config_errors[required_field] = "is required"
+      end
+    end
+    config_errors
+  end
+  
+  def self.config_error_messages(config)
+    config_errors(config).collect do |field, message|
+      "'#{field}' #{message}"
+    end.to_sentence
   end
 
   def valid?
@@ -37,16 +54,47 @@ class Mail
 
       if @required
         @required.each do |name, msg|
-          if data[name].blank?
-            errors[name] = ((msg.blank? || %w(1 true required).include?(msg)) ? "is required." : msg)
+          if "as_email" == msg
+            unless valid_email?(data[name])
+              errors[name] = "invalid email address."
+              @valid = false
+            end
+          elsif m = msg.match(/\/(.*)\//)
+            regex = Regexp.new(m[1])
+            unless data[name] =~ regex
+              errors[name] = "doesn't match regex (#{m[1]})"
+              @valid = false
+            end
+          else
+            if data[name].blank?
+              errors[name] = ((msg.blank? || %w(1 true required not_blank).include?(msg)) ? "is required." : msg)
+              @valid = false
+            end
+          end
+        end
+      end
+      
+      if @disallow_links.present?
+        pattern = /www|&|http:|mailto:|bcc:|href|cc:|multipart|\[url|Content-Type:/i
+        @disallow_links.each do |field|
+          if @data[field] =~ pattern
+            errors[field] = %q(must not contain the following text: "www", "&", "http:", "mailto:", "bcc:", "href", "multipart", "[url", or "Content-Type:")
             @valid = false
           end
         end
+      end 
+
+      if @leave_blank.present?
+        unless @data[@leave_blank] == ''
+          errors[@leave_blank] = "must be left blank."
+          @valid = false
+        end
       end
     end
+    
     @valid
   end
-
+  
   def from
     config[:from] || data[config[:from_field]]
   end
@@ -71,14 +119,33 @@ class Mail
     data[config[:cc_field]] || config[:cc] || ""
   end
   
+  def files
+    res = []
+    data.each_value do |d|
+      res << d if StringIO === d or Tempfile === d
+    end
+    res
+  end
+  
+  def filesize_limit
+    config[:filesize_limit] || 0
+  end
+  
+  def plain_body
+    return nil if not valid?
+    @plain_body ||= (page.part( :email ) ? page.render_part( :email ) : page.render_part( :email_plain ))
+  end
+  
+  def html_body
+    return nil if not valid?
+    @html_body = page.render_part( :email_html ) || nil
+  end
+
   def send
     return false if not valid?
 
-    plain_body = (page.part( :email ) ? page.render_part( :email ) : page.render_part( :email_plain ))
-    html_body = page.render_part( :email_html ) || nil
-
     if plain_body.blank? and html_body.blank?
-      plain_body = <<-EMAIL
+      @plain_body = <<-EMAIL
 The following information was posted:
 #{data.to_hash.to_yaml}
       EMAIL
@@ -94,10 +161,12 @@ The following information was posted:
       :recipients => recipients,
       :from => from,
       :subject => subject,
-      :plain_body => plain_body,
-      :html_body => html_body,
+      :plain_body => @plain_body,
+      :html_body => @html_body,
       :cc => cc,
-      :headers => headers
+      :headers => headers,
+      :files => files,
+      :filesize_limit => filesize_limit
     )
     @sent = true
   rescue Exception => e
@@ -112,10 +181,22 @@ The following information was posted:
   protected
 
   def valid_email?(email)
-    (email.blank? ? true : email =~ /.@.+\../)
+    (email.blank? ? false : email =~ /^[^@]+@([^@.]+\.)[^@]+$/)
   end
   
   def is_required_field?(field_name)
     @required && @required.any? {|name,_| name == field_name}
   end
+  
+  def required_fields
+    @config.has_key?(:required) ? @config[:required] : @data.delete(:required)
+  end
+  
+  def leave_blank_field
+    @config[:leave_blank] if @config.has_key?(:leave_blank)
+  end
+  
+  def disallow_link_fields
+    @config[:disallow_links] if @config.has_key?(:disallow_links)
+  end
 end

data/app/models/mailer.rb

@@ -1,19 +1,32 @@
 class Mailer < ActionMailer::Base
   def generic_mail(options)
-    @recipients = options[:recipients]
-    @from = options[:from] || ""
-    @cc = options[:cc] || ""
-    @bcc = options[:bcc] || ""
-    @subject = options[:subject] || ""
-    @headers = options[:headers] || {}
-    # Not sure that charset works, can see no effect in tests
-    @charset = options[:charset] || "utf-8"
-    @content_type = "multipart/alternative"
+    recipients    options[:recipients]
+    from          options[:from] || ""
+    cc            options[:cc] || ""
+    bcc           options[:bcc] || ""
+    subject       options[:subject] || ""
+    headers       options[:headers] || {}
+    content_type  "multipart/mixed"
+    charset       options[:charset] || "utf-8"
+    
     if options.has_key? :plain_body
       part :content_type => "text/plain", :body => (options[:plain_body] || "")
     end
     if options.has_key? :html_body and !options[:html_body].blank?
       part :content_type => "text/html", :body => (options[:html_body] || "")
     end
+    # attchments
+    files = options[:files] || []
+    limit = options[:filesize_limit] || 0
+    files.each do |f|
+      if(limit == 0 || f.size <= limit)
+        attachment(
+          :content_type => "application/octet-stream",
+          :body => f.read,
+          :filename => f.original_filename)
+      else
+        raise "The file #{f.original_filename} is too large. The maximum size allowed is #{limit.to_s} bytes."
+      end
+    end
   end
 end

data/config/routes.rb

@@ -0,0 +1,3 @@
+ActionController::Routing::Routes.draw do |map|
+  map.resources :mail, :path_prefix => "/pages/:page_id", :controller => "mail"
+end

data/db/migrate/001_revert_mailer_page_class_to_page.rb

@@ -0,0 +1,10 @@
+class RevertMailerPageClassToPage < ActiveRecord::Migration
+  def self.up
+    # Leaving pages with MailerPage class_name if this model no longer exists would result in an error
+    Page.update_all("class_name = 'Page'", "class_name = 'MailerPage'")
+  end
+
+  def self.down
+    # Can not be reverted!
+  end
+end

data/features/datasets/mailer_page_dataset.rb

@@ -0,0 +1,37 @@
+class MailerPageDataset < Dataset::Base
+  uses :pages
+
+  def load
+    create_page "Contact" do
+      create_page_part "contact_body", 
+        :name => "body", 
+        :content => %Q{
+          <r:mailer:form>
+            Name:<br/>
+            <r:mailer:text name="name" /> <br/>
+            Email:<br/>
+            <r:mailer:text name="email" /> <br/>
+            Message:<br/>
+            <r:mailer:textarea name="message" /> <br/>
+            File:<br/>
+            <r:mailer:file name="attached_file" /> <br/>
+            <input type="submit" value="Send" />
+          </r:mailer:form>}
+      create_page_part "mailer",
+        :content => {
+            'subject' => 'From the website of Whatever',
+            'from' => 'no_reply@aissac.ro',
+            'redirect_to' => '/contact/thank-you',
+            'recipients' => 'example@aissac.ro'}.to_yaml
+      create_page_part "email",
+        :content => %Q{
+          <r:mailer>
+            Name: <r:get name="name" />
+            Email: <r:get name="email" />
+            Message: <r:get name="message" />
+          </r:mailer>
+        }
+      create_page "Thank You", :body => "Thank you!"
+    end    
+  end
+end