mirror of https://github.com/docusealco/docuseal
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
243 lines
8.9 KiB
243 lines
8.9 KiB
# frozen_string_literal: true
|
|
|
|
class StartFormController < ApplicationController
|
|
layout 'form'
|
|
|
|
skip_before_action :authenticate_user!
|
|
skip_authorization_check
|
|
|
|
around_action :with_browser_locale, only: %i[show update completed]
|
|
before_action :maybe_redirect_com, only: %i[show completed]
|
|
before_action :load_resubmit_submitter, only: :update
|
|
before_action :load_template
|
|
before_action :authorize_start!, only: :update
|
|
|
|
COOKIES_TTL = 12.hours
|
|
COOKIES_DEFAULTS = { httponly: true, secure: Rails.env.production? }.freeze
|
|
|
|
def show
|
|
raise ActionController::RoutingError, I18n.t('not_found') if @template.preferences['require_phone_2fa']
|
|
|
|
if @template.shared_link?
|
|
@submitter = @template.submissions.new(account_id: @template.account_id)
|
|
.submitters.new(account_id: @template.account_id,
|
|
uuid: (filter_undefined_submitters(@template).first ||
|
|
@template.submitters.first)['uuid'])
|
|
render :email_verification if params[:email_verification]
|
|
else
|
|
Rollbar.warning("Not shared template: #{@template.id}") if defined?(Rollbar)
|
|
|
|
return render :private if current_user && current_ability.can?(:read, @template)
|
|
|
|
raise ActionController::RoutingError, I18n.t('not_found')
|
|
end
|
|
end
|
|
|
|
def update
|
|
@submitter = find_or_initialize_submitter(@template, submitter_params)
|
|
|
|
if @submitter.completed_at?
|
|
redirect_to start_form_completed_path(@template.slug, submitter_params.compact_blank)
|
|
else
|
|
if filter_undefined_submitters(@template).size > 1 && @submitter.new_record?
|
|
@error_message = multiple_submitters_error_message
|
|
|
|
return render :show, status: :unprocessable_content
|
|
end
|
|
|
|
if (is_new_record = @submitter.new_record?)
|
|
assign_submission_attributes(@submitter, @template)
|
|
|
|
Submissions::AssignDefinedSubmitters.call(@submitter.submission)
|
|
else
|
|
@submitter.assign_attributes(ip: request.remote_ip, ua: request.user_agent)
|
|
end
|
|
|
|
if @template.preferences['shared_link_2fa'] == true
|
|
handle_require_2fa(@submitter, is_new_record:)
|
|
elsif @submitter.errors.blank? && @submitter.save
|
|
enqueue_new_submitter_jobs(@submitter) if is_new_record
|
|
|
|
redirect_to submit_form_path(@submitter.slug)
|
|
else
|
|
render :show, status: :unprocessable_content
|
|
end
|
|
end
|
|
end
|
|
|
|
def completed
|
|
return redirect_to start_form_path(@template.slug) if !@template.shared_link? || @template.archived_at?
|
|
|
|
submitter_params = params.permit(:name, :email, :phone).tap do |attrs|
|
|
attrs[:email] = Submissions.normalize_email(attrs[:email])
|
|
end
|
|
|
|
required_fields = @template.preferences.fetch('link_form_fields', ['email'])
|
|
|
|
required_params = required_fields.index_with { |key| submitter_params[key] }
|
|
|
|
raise ActionController::RoutingError, I18n.t('not_found') if required_params.any? { |_, v| v.blank? } ||
|
|
required_params.except('name').compact_blank.blank?
|
|
|
|
@submitter = Submitter.where(submission: @template.submissions)
|
|
.where.not(completed_at: nil)
|
|
.find_by!(required_params)
|
|
end
|
|
|
|
private
|
|
|
|
def enqueue_new_submitter_jobs(submitter)
|
|
WebhookUrls.enqueue_events(submitter.submission, 'submission.created')
|
|
|
|
SearchEntries.enqueue_reindex(submitter)
|
|
|
|
return unless submitter.submission.expire_at?
|
|
|
|
ProcessSubmissionExpiredJob.perform_at(submitter.submission.expire_at, 'submission_id' => submitter.submission_id)
|
|
end
|
|
|
|
def load_resubmit_submitter
|
|
@resubmit_submitter =
|
|
if params[:resubmit].present? && !params[:resubmit].in?([true, 'true'])
|
|
Submitter.find_by(slug: params[:resubmit])
|
|
end
|
|
end
|
|
|
|
def authorize_start!
|
|
return redirect_to start_form_path(@template.slug) if @template.archived_at?
|
|
|
|
return if @resubmit_submitter
|
|
return if @template.shared_link? || (current_user && current_ability.can?(:read, @template))
|
|
|
|
Rollbar.warning("Not shared template: #{@template.id}") if defined?(Rollbar)
|
|
|
|
redirect_to start_form_path(@template.slug)
|
|
end
|
|
|
|
def find_or_initialize_submitter(template, submitter_params)
|
|
required_fields = template.preferences.fetch('link_form_fields', ['email'])
|
|
|
|
required_params = required_fields.index_with { |key| submitter_params[key] }
|
|
|
|
find_params = required_params.except('name')
|
|
|
|
submitter = Submitter.new if find_params.compact_blank.blank?
|
|
|
|
submitter ||=
|
|
Submitter
|
|
.where(submission: template.submissions.where(expire_at: Time.current..)
|
|
.or(template.submissions.where(expire_at: nil)).where(archived_at: nil))
|
|
.order(id: :desc)
|
|
.where(declined_at: nil)
|
|
.where(external_id: nil)
|
|
.where(template.preferences['shared_link_2fa'] == true ? {} : { ip: [nil, request.remote_ip] })
|
|
.then { |rel| params[:resubmit].present? || params[:selfsign].present? ? rel.where(completed_at: nil) : rel }
|
|
.find_or_initialize_by(find_params)
|
|
|
|
submitter.name = required_params['name'] if submitter.new_record?
|
|
|
|
unless @resubmit_submitter
|
|
required_params.each do |key, value|
|
|
submitter.errors.add(key.to_sym, :blank) if value.blank?
|
|
end
|
|
end
|
|
|
|
submitter
|
|
end
|
|
|
|
def assign_submission_attributes(submitter, template)
|
|
submitter.assign_attributes(
|
|
uuid: (filter_undefined_submitters(template).first || @template.submitters.first)['uuid'],
|
|
ip: request.remote_ip,
|
|
ua: request.user_agent,
|
|
values: @resubmit_submitter&.preferences&.fetch('default_values', nil) || {},
|
|
preferences: @resubmit_submitter&.preferences.presence || { 'send_email' => true },
|
|
metadata: @resubmit_submitter&.metadata.presence || {}
|
|
)
|
|
|
|
submitter.assign_attributes(@resubmit_submitter.slice(:name, :email, :phone)) if @resubmit_submitter
|
|
|
|
if submitter.values.present?
|
|
@resubmit_submitter.attachments.each do |attachment|
|
|
submitter.attachments << attachment.dup if submitter.values.value?(attachment.uuid)
|
|
end
|
|
end
|
|
|
|
submitter.submission ||= Submission.new(template:,
|
|
account_id: template.account_id,
|
|
template_submitters: template.submitters,
|
|
expire_at: Templates.build_default_expire_at(template),
|
|
submitters: [submitter],
|
|
source: :link)
|
|
|
|
submitter.account_id = submitter.submission.account_id
|
|
|
|
submitter
|
|
end
|
|
|
|
def filter_undefined_submitters(template)
|
|
Templates.filter_undefined_submitters(template.submitters)
|
|
end
|
|
|
|
def submitter_params
|
|
return { 'email' => current_user.email, 'name' => current_user.full_name } if params[:selfsign]
|
|
return @resubmit_submitter.slice(:name, :phone, :email) if @resubmit_submitter.present?
|
|
|
|
params.require(:submitter).permit(:email, :phone, :name).tap do |attrs|
|
|
attrs[:email] = Submissions.normalize_email(attrs[:email])
|
|
end
|
|
end
|
|
|
|
def load_template
|
|
@template =
|
|
if @resubmit_submitter
|
|
@resubmit_submitter.template
|
|
else
|
|
Template.find_by!(slug: params[:slug] || params[:start_form_slug])
|
|
end
|
|
end
|
|
|
|
def multiple_submitters_error_message
|
|
if current_user&.account_id == @template.account_id
|
|
helpers.t('this_submission_has_multiple_signers_which_prevents_the_use_of_a_sharing_link_html')
|
|
else
|
|
I18n.t('not_found')
|
|
end
|
|
end
|
|
|
|
def handle_require_2fa(submitter, is_new_record:)
|
|
return render :show, status: :unprocessable_content if submitter.errors.present?
|
|
|
|
is_otp_verified = Submitters.verify_link_otp!(params[:one_time_code], submitter)
|
|
|
|
if cookies.encrypted[:email_2fa_slug] == submitter.slug || is_otp_verified
|
|
if submitter.save
|
|
enqueue_new_submitter_jobs(submitter) if is_new_record
|
|
|
|
if is_otp_verified
|
|
SubmissionEvents.create_with_tracking_data(submitter, 'email_verified', request)
|
|
|
|
cookies.encrypted[:email_2fa_slug] =
|
|
{ value: submitter.slug, expires: COOKIES_TTL.from_now, **COOKIES_DEFAULTS }
|
|
end
|
|
|
|
redirect_to submit_form_path(submitter.slug)
|
|
else
|
|
render :show, status: :unprocessable_content
|
|
end
|
|
else
|
|
Submitters.send_shared_link_email_verification_code(submitter, request:)
|
|
|
|
render :email_verification
|
|
end
|
|
rescue Submitters::UnableToSendCode, Submitters::InvalidOtp => e
|
|
redirect_to start_form_path(submitter.submission.template.slug,
|
|
params: submitter_params.merge(email_verification: true)),
|
|
alert: e.message
|
|
rescue RateLimit::LimitApproached
|
|
redirect_to start_form_path(submitter.submission.template.slug,
|
|
params: submitter_params.merge(email_verification: true)),
|
|
alert: I18n.t(:too_many_attempts)
|
|
end
|
|
end
|