Fixed redirects in after_filter hook, updated README

README.rdoc

@@ -4,22 +4,46 @@ This plugin shows how to implement Fat Free CRM application controller
 callback hook to capture lead data submitted from remote form. For more
 information about Fat Free CRM visit http://github.com/michaeldv/fat_free_crm/tree/master
 
+=== Installation
+
+The plugin installs just like any Ruby on Rails plugin packaged as git.
+Assuming that you have Fat Free CRM up and running:
+
+  $ ./script/install plugin git://github.com/michaeldv/crm_web_to_lead.git
+
+The sample plugin will be installed in vendor/plugins/crm_web_to_lead directory.
+
+=== Quick How To
+
 To submit a lead remote form should POST two extra hidden fields to
 identify the user who will own the lead:
-
-  <input type="hidden" name="authorization" value="<<< password_hash here >>>">
-  <input type="hidden" name="token" value="<<< password_token here >>>">
 
-Two more hidden fields specify redirection URLs -- upon successful
-submit and in case of failure:
+  <input type="hidden" name="authorization" value="-- password_hash here --">
+  <input type="hidden" name="token" value="-- password_token here --">
+
+Two more hidden fields specify redirection URLs to handle successful
+submissions and possible validation errors:
+
+  <input type="hidden" name="on_success" value="-- fuccess URL here --">
+  <input type="hidden" name="on_success" value="-- failure URL here --">
 
-  <input type="hidden" name="on_success" value="<<< fuccess URL here >>>">
-  <input type="hidden" name="on_success" value="<<< failure URL here >>>">
+The following sample is a good start to build your own lead capture form.
 
-You can test the submission by posting the form using +curl+:
+  <html>
+  <body>
+    <form action="http://localhost:3000/leads/create" method="post">
+      <input name="lead[first_name]" value="">
+      <input name="lead[last_name]" value="">
+      <input name="lead[source]" value="Web">
+      <input name="authorization" value="?">
+      <input name="token" value="?"
+      <input name="on_success" value="http://www.yoursite.com/success">
+      <input name="on_failure" value="http://www.yoursite.com/failure">
+      <input type="submit" value="OK">
+    </form
+  </body>
+  </html>
 
-  $ curl -d "first_name=John&last_name=&Doe&authorization=?&token=?" localhost:3000/leads/create
-
 Replace question marks with the actual values of +password_hash+ and
 +password_token+ as set in +users+ table. Successful lead submissions
 get logged in Rails log file.

init.rb

@@ -1,6 +1,6 @@
 RAILS_DEFAULT_LOGGER.info ">> Adding web-to-lead Fat Free CRM plugin..."
 
-FatFreeCRM::Plugin. << :web_to_lead do # Same as FatFreeCRM::Plugin.add(:web_to_lead) do
+FatFreeCRM::Plugin.register(:web_to_lead) do
          name "Web-to-lead Capture Fat Free CRM Plugin"
        author "Michael Dvorkin"
       version "1.0"

lib/crm_web_to_lead.rb

@@ -1,5 +1,6 @@
 class AppCallback < FatFreeCRM::Callback::Base
 
+
   # Implements application's before_filter hook.
   #----------------------------------------------------------------------------
   def app_before_filter(controller, context = {})
@@ -9,12 +10,16 @@ def app_before_filter(controller, context = {})
 
     # Remote form should POST two hidden fields to identify the user who'll own the lead:
     # 
-    # <input type="hidden" name="authorization" value="<<< password_hash here >>>">
-    # <input type="hidden" name="token" value="<<< password_token here >>>">
-    #
-    if controller.request.post? && !controller.params[:authorization].blank? && !controller.params[:token].blank?
-      @current_user = User.find_by_password_hash_and_password_salt(controller.params[:authorization], controller.params[:token])
-      controller.logger.info ">>> web-to-lead: creating lead for user " + @current_user.inspect
+    # <input type="hidden" name="authorization" value="-- password_hash here --">
+    # <input type="hidden" name="token"         value="-- password_token here --">
+
+    params = controller.params
+    if controller.request.post? && !params[:authorization].blank? && !params[:token].blank?
+      user = User.find_by_password_hash_and_password_salt(params[:authorization], params[:token])
+
+      # Implant @current_user so that :require_user filter becomes a noop.
+      controller.instance_variable_set("@current_user", user)
+      controller.logger.info(">>> web-to-lead: creating lead for user " + user.inspect) if controller.logger
     end
   end
 
@@ -25,15 +30,21 @@ def app_after_filter(controller, context = {})
     # Only trap leads/create.
     return unless controller.controller_name == "leads" && controller.action_name == "create"
 
-    # Two more hidden fields specify redirection URLs:
+    # Two more hidden fields specify lead source and redirection URLs:
     #
-    # <input type="hidden" name="on_success" value="<<< success URL here >>>"
-    # <input type="hidden" name="on_success" value="<<< failure URL here >>>"
-    #
-    unless flash[:notice].blank? # Lead ... was successfully created.
-      redirect_to(controller.params[:on_success]) unless controller.params[:on_success].blank?
+    # <input type="hidden" name="on_success" value="-- success URL here --">
+    # <input type="hidden" name="on_success" value="-- failure URL here --">
+
+    params = controller.params
+    lead = controller.instance_variable_get("@lead")
+
+    #  Note that we can't use usual render() or redirect_to() here since leads
+    #  controller has already rendered the response and/or redirected.
+
+    if lead && !lead.new_record? # Lead record should have been saved by now.
+      controller.response.redirect(params[:on_success], "302") if params[:on_success]
     else
-      redirect_to(controller.params[:on_failure]) unless controller.params[:on_failure].blank?
+      controller.response.redirect(params[:on_failure], "302") if params[:on_failure]
     end
   end