How to receive templates from user to send a email? - javascript

I'm making a service where a client of my service can decide what template they use when sending an email to a user.
I'm using pre-defined templates.
I'm working on node.js and using "email-templates" module for setting the template.
I want to receive the template from the client and use that template in sending their mail to give them a more personalized experience.
So, Can anyone help me with that?

Related

Send an email through Salesforce server from External Application

I have an angular application, and wants to send an email to Salesforce contacts from external application through salesforce server.
I did not find any api or javascript file which allows me to write the code to send an email through salesforce server from external application.
Thanks.
You can use sendEmail() to send one or more emails via Salesforce. It can be either a SingleEmailMessage or a MassEmailMessage.
MassEmailMessage is more useful if you are dealing with a collection of Contacts, Leads or Users. See What's the Advantage of using MassEmailMessage instead of multiple SingleEmailMessage?

Service for email form for a webpage

I need to put "contact us" form on a static webpage. I want to create the form myself, but I can't send emails from JavaScript. However, I can send HTTP requests. So I want to send request with all the data necessary to some service, and I want this service to send me an email.
I know SendGrid or Mandrill, but I don't want to create a gate for spammers. Obviously, if I used services like this my API-KEY would be publicly accessible in JS files. Unless it is possible to limit this services to send emails only to one address, but I couldn't find such option.
Another options are http://kontactr.com/ or http://www.emailmeform.com but they offer whole web form, and send complicated requests with some ID, which doesn't work when sent again. I.e. I can't forge working request myself. Also, Kontactr comes with captcha, which I don't want and can not remove.
Do you know any simple service I could use? I want it to be as simple as possible - just data in a request which then are sent to my email.
You can achieve this using SendGrid and Parse as outlined in this blog post: https://sendgrid.com/blog/send-email-static-websites-using-parse
Using Parse allows you to keep things like your SendGrid API key a secret.
Additionally, you can make it more spam resistant by adding a Captcha, either something you create yourself, or some of the services out there (reCaptcha, Sweetcaptcha, or others).

How to process sensitive data in single page apps

I need to understand and maybe ideas about single page apps.
I want to create a project, i'll do it with MVC. I also want to use AngularJS for client side programming.
I know that AngularJS is good for single page applications and when working with SPAs you send your data to API to process. But data sent from Angular is visible to user and open to be manipulated.
I don't want users to be able to see any data or access to the API from the internet. Witch way i should follow?
I'm thinking about keeping sensitive user data in MVC controller. For example let's say user Id is very sensitive for my project. If i keep user id in javascript variable, when i'm sending it to API with some command user will able to change the id and manipulate the system. But if i keep user-id in MVC controller, via user authentication, and send request to my MVC controller then the user won't be able to change it. But i know this is not the best way of doing things, there must be a more clever way.
I'll be glad if someone can explain how this things works in SPAs or when you use Angular and MVC together.
This won't work, you can't prevent user from tampering the data, crafting custom request and doing whatever she wants at her side.
What you should do is to never trust upcoming data - which means validate every incoming id twice, once when you produce it and then when it comes back. Either it comes plain and you verify if it's legal or you encrypt it so when it comes back you decrypt it.
Some data can be stored at the server side, the id you mention is such example. This way user never sees the data, what you pass is the session id which is a long random value, rather impossible to craft. This approach comes with the cost of server side resources that are used, the more users the more resources at the server stored between requests.

Securely Passing UserID from ASP.Net to Javascript

In the application I am currently developing we are using ASP.Net forms authentication to grant the user further access to the site. This site is targeted towards mobile users and as such we are attempting to be as hands off from the server as possible and make use of KnockoutJS to make the web service call and load the data so that the user can view it.
Right now the webservice (REST service using GET method) requires the username in order to load the data specific to that user. I have this information on the server side (ASP.net) and I can easily access either User.Identity.Name or access the forms authentication cookie directly and pull the information.
My problem is that I need to get the username from the server to the client so that the service call can be made. I have looked into doing this securely but so far have come up blank. Currently I am passing the username as a url parameter and parsing it out using JavaScript, with a check on the Page_Load method to verify the username in the url matches the logged in user.
I need a way to secure pass a username from ASP.Net that has authenticated the user using form to the client side JavaScript so I can make a REST webservice call.
EDIT: So after googling and meeting with my team lead I think we will be using an OAuth implementation similar to this example:
http://www.c-sharpcorner.com/UploadFile/surya_bg2000/secure-wcf-restful-service-using-oauth/
Also for anything else looking for the same answer I found this question very helpful in understanding OAuth:
What's the point of a timestamp in OAuth if a Nonce can only be used one time?
Assuming everything is implemented correctly would it be more secure (totally secure, secure, or more insecure?) to instead pass the generated signature via an ASP tag as mentioned below?
EDIT 2: After some more review and some more searching we finally decided on a framework and method of making this work. As it turns out OAuth isn't necessarily the answer here, this questions:
But Seriously.... Example of ASP.NET WebAPI implementation including OAuth
was a lot of help as well in figuring out how to make this work. What we are going to end up doing is generating the signature and putting in on the javascript and making the call like that. The signatures are going to be time sensitive and regenerated each time the user loads the page so very OAuth like but we arent implementing the full spec.
TL:DR Final solution was to generate a hash signature and put it on the page via ASP server tag <% aspvar_here %> and use it to validate the service call
Simplest way would be to render this javascript in your page:
<script type="text/javascript">
window.UserID = '<%=HttpUtility.JavaScriptStringEncode(this.User.Identity.Name)%>';
</script>
Now you can reference it in your JS.
But, more importantly, if this user id is not used just as a default parameter but instead to authenticate the user, this is a security hole. Normally the REST service should also be able to look at User.Identity.Name instead of receiving it as a argument.
Normally the username is provided by the client to begin with. It is then verified on the server-side (using whatever authentication is necessary, such as a password).
If it has been verified on the server side (in your case, this must be from a WCF web service as ASMX does not cope well with REST), then you can be sure that it is correct - plus you already have the username on the client-side.
EDIT:
As Knaģis pointed out, you can get it using an ASPX tag, presuming the page is an ASPX page and not HTML.
If you just want to have the username in the client side, the other answers explain how to do this.
But as you stated, this IS a security risk. Someone can modify the data on the client and impersonate another user.
The correct way to do this:
After a user successfully logs in, a Guid is issued which uniquely identifies this user.
The Guid is the token which is saved on the client and passed to the server not the username.
All webservices receive the Guid not the username.
Server has a dictionary which converts the Guid to the original username.
Another option can be to encrypt the username and pass the encrypted value to the webservice. The webservice will need to decrypt the value in order to get the username .

form authorization for asp.net web api using javascript

I want to rewrite business application using asp.net web api as service layer and use javascript to call the web api and get data, display etc.
I understand all the scenrios work fine, but main bottleneck is security. We have database for the user name and password. We want that user enter user name and password, validate it using web api. Then for each request pass the user name and password to check rights etc. What is the best way to secure this communication if any.
You're best bet is going to be implementing HTTPS with SSL. You would consider using an encryption algorithm, but everything will be expose anyone if you're using JavaScript which would make encrypting and decrypting on the client quiet pointless.
Here's is a good blog post reference you can review on the matter http://goo.gl/QkZOf

Categories

Resources