Add Mailgun endpoint for receiving email tasks via Mailgun

2026-01-01 06:48:49 +01:00 · 2013-09-15 21:17:05 +01:00 · 2013-09-15 21:17:05 +01:00 · 8a2da01d51
commit 8a2da01d51
parent daef1c440b
8 changed files with 193 additions and 2 deletions
--- a/app/controllers/mailgun_controller.rb
+++ b/app/controllers/mailgun_controller.rb
@ -0,0 +1,38 @@
+require 'openssl'
+
+class MailgunController < ApplicationController
+
+  skip_before_filter :login_required, :only => [:mailgun]
+  before_filter :verify, :only => [:mailgun]
+  protect_from_forgery with: :null_session
+
+  def mailgun
+    unless params.include? 'body-mime'
+      Rails.logger.info "Cannot process Mailgun request, no body-mime sent"
+      render_failure "Unacceptable body-mime", 406
+      return
+    end
+
+    todo = MessageGateway.receive(params['body-mime'])
+    if todo
+      render :xml => todo.to_xml( *todo_xml_params )
+    else
+      render_failure "Todo not saved", 406
+    end
+  end
+
+  private
+
+  def verify
+    unless params['signature'] == OpenSSL::HMAC.hexdigest(
+            OpenSSL::Digest::Digest.new('sha256'),
+            SITE_CONFIG['mailgun_api_key'],
+            '%s%s' % [params['timestamp'], params['token']]
+         )
+      Rails.logger.info "Cannot verify Mailgun signature"
+      render_failure "Access denied", 406
+      return
+    end
+  end
+
+end
--- a/app/models/message_gateway.rb
+++ b/app/models/message_gateway.rb
@ -27,6 +27,7 @@ class MessageGateway < ActionMailer::Base
    todo = todo_builder.construct
    todo.save!
    Rails.logger.info "Saved email as todo for user #{user.login} in context #{context.name}"
+    todo
  end
  
  private
@ -49,10 +50,26 @@ class MessageGateway < ActionMailer::Base
    if user.nil?
      user = User.where("preferences.sms_email" => address.strip[1.100]).includes(:preference).first
    end
+    if user.present? and !sender_is_in_mailmap?(user,email)
+      Rails.logger.warn "#{email.from[0]} not found in mailmap for #{user.login}"
+      return nil
+    end
    Rails.logger.info(!user.nil? ? "Email belongs to #{user.login}" : "User unknown")
    return user
  end
-  
+
+  def sender_is_in_mailmap?(user,email)
+    if SITE_CONFIG['mailmap'].is_a? Hash and SITE_CONFIG['email_dispatch'] == 'to'
+      # Look for the sender in the map of allowed senders
+      SITE_CONFIG['mailmap'][user.preference.sms_email].include? email.from[0]
+    else
+      # We can't check the map if it's not defined, or if the lookup is the
+      # wrong way round, so just allow it
+      true
+    end
+  end
+
+
  def get_user_from_email_address(email)
    SITE_CONFIG['email_dispatch'] == 'single_user' ? get_user_from_env_setting : get_user_from_mail_header(email)
  end