# frozen_string_literal: true
# Redmine - project management software
# Copyright (C) 2006- Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
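# HTTP entry point for incoming emails submitted by rdm-mailhandler.rb.
#
# Every action runs behind +check_credential+, and that shared API key is the
# only authentication here: CSRF verification is skipped and User.current is
# reset to nil before the key is checked.
class MailHandlerController < ActionController::Base
  include ActiveSupport::SecurityUtils

  before_action :check_credential

  # Requests from rdm-mailhandler.rb don't contain CSRF tokens
  skip_before_action :verify_authenticity_token

  # Displays the email submission form
  def new
  end

  # Submits an incoming email to MailHandler.
  #
  # Responds with 201 Created when MailHandler.safe_receive returns a truthy
  # value and with 422 otherwise.
  def index
    # MailHandlerController#index should permit all options set by
    # RedmineMailHandler#submit in rdm-mailhandler.rb.
    # It must be kept in sync.
    #
    # NOTE(review): every permitted option is read straight from the request,
    # so whoever holds the API key also chooses values such as
    # :no_permission_check, :unknown_user and :allow_override. Their exact
    # effect is defined in MailHandler, not here; treat the key as a
    # high-privilege secret.
    options = params.permit(
      :key,
      :email,
      :allow_override,
      :unknown_user,
      :default_group,
      :no_account_notice,
      :no_notification,
      :no_permission_check,
      :project_from_subaddress,
      {
        issue: [
          :project,
          :status,
          :tracker,
          :category,
          :priority,
          :assigned_to,
          :fixed_version,
          :is_private
        ]
      }
    ).to_h
    # Only :email is removed, so :key is still in the options passed on.
    # NOTE(review): confirm MailHandler neither logs nor stores that value.
    email = options.delete(:email)
    if MailHandler.safe_receive(email, options)
      head :created
    else
      head :unprocessable_content
    end
  end

  private

  # before_action filter: lets the request through only when the incoming
  # email web service is enabled and the request's +key+ parameter matches the
  # configured API key. Otherwise it renders a 403, which halts the action.
  def check_credential
    User.current = nil
    expected_key = Setting.mail_handler_api_key.to_s
    # Fail closed when no key is configured: both sides are coerced with
    # to_s, so an unset key would otherwise compare equal to a request that
    # sends no key at all.
    authorized =
      Setting.mail_handler_api_enabled? &&
      !expected_key.empty? &&
      # Not a plain ==, so the comparison does not stop at the first
      # differing byte.
      secure_compare(params[:key].to_s, expected_key)
    unless authorized
      render :plain => 'Access denied. Incoming emails WS is disabled or key is invalid.', :status => :forbidden
    end
  end
end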