send security issue email

sigmike · Mar 6, 2014 · e56b8b0 · e56b8b0
1 parent 5fdcbe8
commit e56b8b0
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 3 deletions.
diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
@@ -7,4 +7,9 @@ def new_tip user, tip
 
     mail to: user.email, subject: "You received a tip for your commit"
   end
+
+  def security_issue(user)
+    @user = user
+    mail to: user.email, subject: "Security issue on peer4commit.com"
+  end
 end
diff --git a/app/views/user_mailer/security_issue.html.haml b/app/views/user_mailer/security_issue.html.haml
@@ -0,0 +1,18 @@
+%h4 Hello #{@user.full_name},
+
+%p We recently discovered a security issue on Peer4commit. This issue allowed someone to change the Peercoin address of other users.
+
+%p
+  The problem is now fixed. To ensure our database is clean we decided to clear all the addresses.
+  Please set your Peercoin address again:
+  = link_to('Sign in', login_users_url(token: @user.login_token)) + "."
+
+%p We think only one tip was stolen. It will be sent again to its owner when he sets his address.
+
+%p Sorry for this inconvenience.
+
+%p= link_to "peer4commit.com", "http://peer4commit.com/"
+
+%p
+  %small
+    = link_to "Don't notify me anymore.", login_users_url(token: @user.login_token, unsubscribe: true)
diff --git a/config/environments/development.rb b/config/environments/development.rb
@@ -13,10 +13,14 @@
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
 
-  # Don't care if the mailer can't send.
-  config.action_mailer.raise_delivery_errors = false
+  config.action_mailer.default_url_options = { :host => "localhost:3000" }
 
-  config.action_mailer.default_url_options = { :host => "localhost:3000" }  
+  config.action_mailer.delivery_method = :smtp
+  config.action_mailer.smtp_settings = CONFIG['smtp_settings'].to_options
+
+  config.action_mailer.perform_deliveries = true
+  config.action_mailer.raise_delivery_errors = true
+  config.action_mailer.default_options = {from: 'no-reply@' + CONFIG['smtp_settings']['domain'] }
 
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log

diff --git a/lib/tasks/send_security_issue.rake b/lib/tasks/send_security_issue.rake
@@ -0,0 +1,5 @@
+task :send_security_issue => :environment do
+  User.where(unsubscribed: nil).each do |user|
+    UserMailer.security_issue(user).deliver
+  end
+end