search

icebreaker-science / backend

The backend (Spring Boot) part of the icebreaker.science application
Apache License 2.0
2 stars 0 forks source link

Contact the owner of a device #17

Closed chaoran-chen closed 4 years ago

chaoran-chen commented 4 years ago

For the contact form: https://xd.adobe.com/view/8fe4eee6-53b6-4871-bd0f-4582b2b6048a-dab7/screen/75c416c0-08e7-4fbb-81cb-55de14bb7e92/?fullscreen

This is a proposal for the API, other suggestions are very welcome :)

Request:

POST /device_availability/{id}/contact

{
  name: string,
  email: string,
  message: string
}

Response:

For the very beginning, the endpoint should be available for every user - no registration required. Later, the users without an account should have to solve a CAPTCHA.

The following email should then be sent to the user who has filled out the contact form

Dear [name],

Thank you very much for your request. The following message was forwarded to the owner of the device:

[message text]

Icebreaker.science only offers to bring providers and seekers in contact, please arrange the terms of the cooperation or exchange directly with the provider.

Thank you for using our service. If you have any questions regarding Icebreaker, please contact us at mail@icebreaker.science.

Best regards, Your Icebreaker-Team

https://icebreaker.science/ mail@icebreaker.science

And this text should be sent to the owner of the device:

Dear [name],

A request was registered for a device you offered via Icebreaker.science.

In the following, you can see the contact details of the person interested in a cooperation or exchange:

Name: [...] Email: [...] Message:

[message]

Thank you for using our service. If you have any questions regarding Icebreaker, please contact us at mail@icebreaker.science.

Best regards, Your Icebreaker-Team

https://icebreaker.science/ mail@icebreaker.science

All sent emails should also be BCCed to an internal email address of ours.

Question: Are there some kind of injections we need to pay attention to?

michael-kamel commented 4 years ago

In principle, yes. there could be some injections and we can handle those to some extent, but there is also the point that the message could contain malicious links. and the user should be warned about those for his/her own protection and (possible) legal issues.

vordemann commented 4 years ago

The mail@icebreaker.science and no-reply@icebreaker.science mailbox is now created. Please contact me for the login credentials for no-reply if you need them.

vordemann commented 4 years ago

no-reply@ is the mailbox that sends out the confirmation mails. It can bcc itself. mail@ should be set as the reply to option.

dajenet commented 4 years ago

Suggestions for the mail subjects?

chaoran-chen commented 4 years ago

Just choose something for now, we will adjust the email texts and subjets before release anyway.