From e56b8b0bbfe7821ae7f44cb52ac586c928e4bca4 Mon Sep 17 00:00:00 2001
From: Michael Witrant <michael@ouvrages-web.fr>
Date: Thu, 6 Mar 2014 20:39:26 +0100
Subject: [PATCH] send security issue email

---
 app/mailers/user_mailer.rb                     |  5 +++++
 app/views/user_mailer/security_issue.html.haml | 18 ++++++++++++++++++
 config/environments/development.rb             | 10 +++++++---
 lib/tasks/send_security_issue.rake             |  5 +++++
 4 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 app/views/user_mailer/security_issue.html.haml
 create mode 100644 lib/tasks/send_security_issue.rake

diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
index e21ded23..f585efb9 100644
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@@ -7,4 +7,9 @@ def new_tip user, tip
 
     mail to: user.email, subject: "You received a tip for your commit"
   end
+
+  def security_issue(user)
+    @user = user
+    mail to: user.email, subject: "Security issue on peer4commit.com"
+  end
 end
diff --git a/app/views/user_mailer/security_issue.html.haml b/app/views/user_mailer/security_issue.html.haml
new file mode 100644
index 00000000..d503374c
--- /dev/null
+++ b/app/views/user_mailer/security_issue.html.haml
@@ -0,0 +1,18 @@
+%h4 Hello #{@user.full_name},
+
+%p We recently discovered a security issue on Peer4commit. This issue allowed someone to change the Peercoin address of other users.
+
+%p
+  The problem is now fixed. To ensure our database is clean we decided to clear all the addresses.
+  Please set your Peercoin address again:
+  = link_to('Sign in', login_users_url(token: @user.login_token)) + "."
+
+%p We think only one tip was stolen. It will be sent again to its owner when he sets his address.
+
+%p Sorry for this inconvenience.
+
+%p= link_to "peer4commit.com", "http://peer4commit.com/"
+
+%p
+  %small
+    = link_to "Don't notify me anymore.", login_users_url(token: @user.login_token, unsubscribe: true)
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 42389197..898d5bcf 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -13,10 +13,14 @@
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
 
-  # Don't care if the mailer can't send.
-  config.action_mailer.raise_delivery_errors = false
+  config.action_mailer.default_url_options = { :host => "localhost:3000" }
 
-  config.action_mailer.default_url_options = { :host => "localhost:3000" }  
+  config.action_mailer.delivery_method = :smtp
+  config.action_mailer.smtp_settings = CONFIG['smtp_settings'].to_options
+
+  config.action_mailer.perform_deliveries = true
+  config.action_mailer.raise_delivery_errors = true
+  config.action_mailer.default_options = {from: 'no-reply@' + CONFIG['smtp_settings']['domain'] }
 
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
diff --git a/lib/tasks/send_security_issue.rake b/lib/tasks/send_security_issue.rake
new file mode 100644
index 00000000..68720afd
--- /dev/null
+++ b/lib/tasks/send_security_issue.rake
@@ -0,0 +1,5 @@
+task :send_security_issue => :environment do
+  User.where(unsubscribed: nil).each do |user|
+    UserMailer.security_issue(user).deliver
+  end
+end