fixes issue #344-mailer #360

Merged
merged 4 commits into from
Jul 23, 2024
haitzlm
Contributor

@haitzlm haitzlm commented Apr 23, 2024

fixes #344 - updated to send mail securely

@hortongn
Member

@scherztc when you get a chance, deploy this to libappstest and verify sending a password reset email works.

@scherztc
Contributor

I deployed this branch to libappstest and attempted to sign up a new user. I got the following error:

[d10e9102-6cc5-4bb3-bcab-547b571cdaf6] OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 peeraddr=127.0.0.1:25 state=error: certificate verify failed (Hostname mismatch)):
[d10e9102-6cc5-4bb3-bcab-547b571cdaf6]
[d10e9102-6cc5-4bb3-bcab-547b571cdaf6] app/mailers/new_user_signup_mailer.rb:15:in `block in new_user_signup_mail'
[d10e9102-6cc5-4bb3-bcab-547b571cdaf6] app/mailers/new_user_signup_mailer.rb:13:in `new_user_signup_mail'
[d10e9102-6cc5-4bb3-bcab-547b571cdaf6] app/models/user.rb:28:in `send_admin_mail'

@scherztc
Contributor

scherztc commented Jul 17, 2024

@haitzlm: HOLD on this Review. This doesn't do it securely. Let me try again.

Update this PR to use these settings for config/environments/production.rb. I followed the model from the Treatment Database.

  # Configure Mailers
  config.action_mailer.perform_caching = false
  config.action_mailer.default_options = { from: '[email protected]' }
  # Store the base url from where request is received.
  config.action_mailer.default_url_options = { host: ENV.fetch('APP_PORTFOLIO_PRODUCTION_MAILER_URL', nil), protocol: 'https' }
  config.action_mailer.delivery_method = :smtp
  # updated for tls and sendmail
  config.action_mailer.smtp_settings = {
    enable_starttls_auto: false,
  }

I tested these on libappstest.libraries.uc.edu and was able to send mail.

Also, rebase this PR from the qa branch.

git checkout qa
git pull
git checkout update-mailer
git rebase qa

@scherztc
Contributor

Here is the secure configuration that works on libappstest and libapps.

config.action_mailer.default_url_options = { host: ENV['APP_PORTFOLIO_PRODUCTION_MAILER_URL'] }
config.mailer_from = '[email protected]'
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
  # 'address' specifies the address of the server that will handle email sending.
  address: ENV['MAIL_SMTP_ADDRESS'],
  # 'port' specifies which port to use on the SMTP server.
  # Port 25 is the default port for SMTP servers like Postfix.
  port: 25,
  # 'enable_starttls_auto' upgrades the connection with STARTTLS when the server offers it.
  enable_starttls_auto: true,
  # 'ca_file' is the path to the certificate authority file.
  # In our case, it's a self-signed certificate. This tells Rails to trust this specific certificate.
  ca_file: '/etc/ssl/certs/sendmail.pem'
}

We will also need to add a value to the .env.production file for

MAIL_SMTP_ADDRESS='libappstest.libraries.uc.edu'

I can work with you to get all of this into the PR and rebase.
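
The two TLS checks behind this thread, as an added Ruby example that is not code from this PR or project: a verifying client needs the server certificate to chain to a trusted anchor (what `ca_file` supplies for a self-signed certificate) and to name the host given in `address`, which is why dialling a loopback name or IP produces "Hostname mismatch". The host name `mail.example.test` and the generated certificate are constructed stand-ins.

```ruby
require 'openssl'

# Constructed test data: a self-signed certificate naming `host`, valid 1 hour.
def self_signed_cert(host)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{host}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{host}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The two checks a verifying TLS client makes on the server certificate:
#   chain_ok    - it chains to a trusted anchor (the role of ca_file)
#   hostname_ok - it names the host the client dialled (the role of address)
def smtp_tls_check(cert, address, trusted: [])
  store = OpenSSL::X509::Store.new
  trusted.each { |anchor| store.add_cert(anchor) }
  chain_ok = store.verify(cert)
  { chain_ok: chain_ok,
    chain_error: store.error_string,
    hostname_ok: OpenSSL::SSL.verify_certificate_identity(cert, address) }
end

MAIL_HOST = 'mail.example.test' # hypothetical host name, not from the PR
CERT = self_signed_cert(MAIL_HOST)

if __FILE__ == $PROGRAM_NAME
  [['127.0.0.1', []], ['localhost', [CERT]], [MAIL_HOST, [CERT]]].each do |addr, anchors|
    puts format('%-18s %p', addr, smtp_tls_check(CERT, addr, trusted: anchors))
  end
end
```

Trusting the certificate alone does not clear the hostname check; both conditions have to hold, which matches setting `MAIL_SMTP_ADDRESS` to the server's name alongside `ca_file`.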

@scherztc
Contributor

@haitzlm: I added a commit to account for the missing environment variables, the rexml vulnerability, and sendmail configuration settings. I pushed this branch up to libappstest.libraries.uc.edu and tested the mailer by creating a new user. It successfully sent an e-mail. Since we both worked on the code and tested it on qa, I am okay with either of us merging this.

@haitzlm
Contributor Author

haitzlm commented Jul 23, 2024

Thomas, what do you need me to do here?

@scherztc scherztc merged commit da9b4dd into qa Jul 23, 2024
4 checks passed
@scherztc scherztc deleted the update-mailer branch July 23, 2024 18:22
Successfully merging this pull request may close these issues.

Configure mailer to send emails securely
3 participants