diff --git a/dada/DADA/App/WebServices.pm b/dada/DADA/App/WebServices.pm index bd94274fa..756f401fb 100644 --- a/dada/DADA/App/WebServices.pm +++ b/dada/DADA/App/WebServices.pm @@ -116,13 +116,7 @@ sub request { $self->r_digest( $args->{-digest} ); $self->r_cgi_obj( $args->{-cgi_obj} ); } - - warn '$self->check_list(): ' . $self->check_list(); - warn '$self->r_list: ' . $self->r_list; - warn '$self->r_public_key: ' . $self->r_public_key; - warn '$DADA::Config::GLOBAL_API_OPTIONS->{public_key}: ' - . $DADA::Config::GLOBAL_API_OPTIONS->{public_key}; - + if ( ( $self->check_list() == 1 ) && ( $self->r_public_key eq @@ -130,8 +124,6 @@ sub request { ) { - warn 'here.'; - $self->ls_obj( DADA::MailingList::Settings->new( { -list => $self->r_list } ) ); $self->global_level(1); @@ -148,7 +140,10 @@ sub request { else { # If there's a list that's passed, but it's invalid, this shouldn't workL if ( - ( $self->r_list eq undef ) + + ($self->r_list eq undef) || (length($self->r_list) <= 0) + + && ( $self->r_public_key eq $DADA::Config::GLOBAL_API_OPTIONS->{public_key} ) ) @@ -545,8 +540,6 @@ sub update_profile_fields { my $profile_fields = $self->r_cgi_obj->param('profile_fields'); $profile_fields = $json->decode($profile_fields); - #warn 'pf:' . $profile_fields; - # check to see if profiles exist? # Actually, it doesnm't matter to me if the profile exists or not, @@ -604,11 +597,20 @@ sub create_new_list { my $status = 0; my $errors = {}; + + if($self->global_level() == 0){ + return { + status => 0, + results => { + error => 'requires_global_keys', + } + }; + } -=pod # OK, so remember we need to do a list quota check: + my @t_lists = available_lists(); if(strip($DADA::Config::LIST_QUOTA) eq '') { $DADA::Config::LIST_QUOTA = undef; } @@ -619,27 +621,24 @@ sub create_new_list { if ( defined($DADA::Config::LIST_QUOTA) && ( ( $#t_lists + 1 ) >= $DADA::Config::LIST_QUOTA ) ) { - return user_error( - { -list => $list, -error => "over_list_quota" } ); + return { + status => 0, + results => { + error => 'over_list_quota', + } + }; } my @available_lists = DADA::App::Guts::available_lists(); my $lists_exist = $#available_lists + 1; -=cut my $settings = $self->r_cgi_obj->param('settings'); $settings = $json->decode($settings); - warn '$self->r_cgi_obj->param(\'options\'): ' - . $self->r_cgi_obj->param('options'); - my $options = $self->r_cgi_obj->param('options'); - $options = $json->decode($options); - - use Data::Dumper; - warn '$options: ' . Dumper($options); + $options = $json->decode($options) // {}; my $list_exists = check_if_list_exists( -List => $settings->{list} ); my ( $list_errors, $flags ) = check_list_setup( @@ -712,13 +711,7 @@ sub create_new_list { my $ls; if ( exists( $options->{clone_settings_from_list} ) ) { - warn 'yes.'; - - warn -'check_if_list_exists(-List => $options->{clone_settings_from_list}: ' - . check_if_list_exists( - -List => $options->{clone_settings_from_list} ); - + if ( check_if_list_exists( -List => $options->{clone_settings_from_list} @@ -726,8 +719,6 @@ sub create_new_list { ) { - warn 'yes.'; - $status = 0; $errors = { clone_list_no_exists => 1 }; return { @@ -739,8 +730,6 @@ sub create_new_list { } else { - warn 'yes.'; - $ls = DADA::MailingList::Create( { -list => $settings->{list}, @@ -754,8 +743,6 @@ sub create_new_list { } else { - warn 'yes.'; - $ls = DADA::MailingList::Create( { -list => $settings->{list}, @@ -814,12 +801,10 @@ sub create_new_list { }; } - use Data::Dumper; - return { status => 1, results => { - settings => Dumper($settings), + settings => $settings, } }; } @@ -845,24 +830,18 @@ sub check_request { $errors->{invalid_digest} = 1; } - warn '$self->check_list(): ' . $self->check_list(); - if ( $self->check_list() == 0 ) { - warn '$self->global_level: ' . $self->global_level; - warn '$self->r_list: ' . $self->r_list; - warn '$self->r_service: ' . $self->r_service; - if ( $self->global_level == 1 - && $self->r_list eq undef + && ( + ($self->r_list eq undef) || (length($self->r_list) <= 0) + ) && $self->r_service eq 'create_new_list' ) { # Special Case - this is fine. } else { - warn 'nope.'; - $status = 0; $errors->{invalid_list} = 1; } @@ -878,9 +857,6 @@ sub check_request { sub check_nonce { my $self = shift; - warn '$self->r_cgi_obj->param(\'nonce\'): ' - . $self->r_cgi_obj->param('nonce'); - my ( $timestamp, $nonce ) = split( ':', $self->r_cgi_obj->param('nonce') ); my $r = 0; @@ -908,8 +884,6 @@ sub check_public_key { # is what's passed in the request, so I guess this sort of makes sense: # - warn '$self->global_level : ' . $self->global_level; - my $tmp_public_key = undef; if ( $self->global_level == 1 ) { $tmp_public_key = $DADA::Config::GLOBAL_API_OPTIONS->{public_key}; diff --git a/dada/extras/documentation/pod_source/features-restful_web_services.pod b/dada/extras/documentation/pod_source/features-restful_web_services.pod index e63e42a94..b2567626e 100644 --- a/dada/extras/documentation/pod_source/features-restful_web_services.pod +++ b/dada/extras/documentation/pod_source/features-restful_web_services.pod @@ -13,13 +13,14 @@ The best way to do that, is to try it out! =head2 Introduction -Dada Mail's web services reveal some of the administrative features you'll find in Dada Mail's List Control Panel. Currently, there are services to allow you to verify subscriptions, subscribe addresses, as well as send mass mailings. +Dada Mail's web services reveal some of the administrative features you'll find in Dada Mail's List Control Panel. Currently, there are services to allow you to create a new list, verify subscriptions, subscribe addresses, as well as send mass mailings. These services are authenticated using an HMAC-with-Public/Private Hashes scheme. Data sent is not encrypted, so we suggest always to connect to the web service with an SSL connection. Example clients are currently available in B and B and allow you to access the services available remotely. + =head2 Public and Private Keys Both the public and private keys for your mailing list can be accessed in the mailing list's control panel under, @@ -28,6 +29,15 @@ I You may also reset your keys. Doing so will invalidate any other key pairs for the mailing list you're currently working with. + +=head2 Global Public and Private Keys + +Global key pairs can also be found under, I. These key pairs can be enabled and the keys can be reset using the Dada Mail Installer. More information: + +L + +Global keys can be used for anything you would use mailing list-specific keys, as well when creating a new mailing list. + =head3 Perl Client The Perl Client is called, C and is located at I. @@ -171,6 +181,10 @@ The C method will make the request for the service you want, see the Sy =over +=item * create_new_list + +(using Global API Keypairs only) + =item * validate_subscription =item * subscription @@ -308,6 +322,10 @@ The C method will make the request for the service you want, see the Sy =over +=item * create_new_list + +(using Global API Keypairs only) + =item * validate_subscription =item * subscription @@ -391,6 +409,85 @@ C has no paramaters to pass, so is send using B. The C (ex =head3 Services +=head4 create_new_list + +C creates a new list. + +The following paramaters are required to be passed: + +=over + +=item * settings + +Holds the settings that will make up the new mailing list. Example: + + "settings" : { + "list" : "list", + "list_name" : "List Name" + "list_owner_email" : "user@example.com", + "password" : "Password" + "info" : "List Description", + "privacy_policy" : "Privacy Policy" + "physical_address" : "Physical Address", + "consent" : "Consent for Mailing List" + }, + +=item * options + +Holds any options you would like for your mailing list. The following options are supported: + +=over + +=item * send_new_list_welcome_email + +Boolean, B. If B<1> is passed, an email will be sent to the list owner with information about the new mailing list + + +=item * send_new_list_welcome_email_with_list_pass + +Boolean, B. If B<1> is passed (and B is passed and set to B<1>), an email will be sent to the list owner with information about the new mailing list, including the mailing list password. + +=item * clone_settings_from_list + +String, B. If a valid list short name is password, list settings will be cloned from the host list, towards this new list. + +=back + +=back + +B: Pass a blank/undefined value for the, "list" in the C method for both the Perl and PHP clients! The C you want the new list to have will be passed in the C paramaters. + +Here's an example of using the php client to create a new list: + + # List is undefined + # public and private key are GLOBAL + $ws = new DadaMailWebService( + $server, + $public_key, + $private_key + ); + $params = [ + 'settings' => [ + 'list' => 'newlistname', + 'privacy_policy' => "privacy_policy", + 'list_name' => "New List Name", + 'list_owner_email' => 'listowner@example.com', + 'password' => "password" , + 'info' => "this is my list info", + 'physical_address' => "This is the physical address", + ], + 'options' => [ + 'send_new_list_welcome_email' => 1, + 'send_new_list_welcome_email_with_list_pass' => 1, + 'clone_settings_from_list' => 'existinglist', + ] + ]; + $results = $ws->request( + $list, + 'create_new_list', + $params + ); + =head4 validate_subscription C takes a list of addresses (and associated metadata) and validates the subscription, but B. diff --git a/dada/extras/documentation/pod_source/install_dada_mail-advanced_configuration.pod b/dada/extras/documentation/pod_source/install_dada_mail-advanced_configuration.pod index 76b582e5d..f1e65e3a9 100644 --- a/dada/extras/documentation/pod_source/install_dada_mail-advanced_configuration.pod +++ b/dada/extras/documentation/pod_source/install_dada_mail-advanced_configuration.pod @@ -397,6 +397,32 @@ Use this button to check if Dada Mail will be able to retrieve your template. If B C<$TEMPLATE_OPTIONS>. +=head2 Configure Global API Options + +Dada Mail provides a RESTful API to many of the functions of the app. +Public/Private keys are available for each mailing list, +and Global Public/Private API keys can be configured through the installer. +Global key pairs can do whatever the list key pairs can, as well as create new mailing lists. + +For more information on Dada Mail's RESTful API, see the following docs: + +L + + +=head3 Enable Global API + +Check this option to enable the Global API (disabled by B). + +=head3 Public Key, Private Key + +Below are listed your Global Public and Private Keys. +These keys aren't editable within the installer, +but you may reset them by clicking the button labeled, +B. + +Copy these keys down! They'll also be available when you log into a list using your B +and then going to, B under, B. + =head2 Configure Security Options diff --git a/dada/extras/scripts/webservices/DadaMailWebService.php b/dada/extras/scripts/webservices/DadaMailWebService.php index e70100ef2..b437c212f 100644 --- a/dada/extras/scripts/webservices/DadaMailWebService.php +++ b/dada/extras/scripts/webservices/DadaMailWebService.php @@ -91,7 +91,20 @@ public function request($list, $service, $params = false) case 'settings': $digest = $this->digest($nonce); break; - case 'validate_subscription': + case 'create_new_list': + + $encoded_settings = json_encode($params['settings']); + $encoded_options = json_encode($params['options']); + $query_params = array( + 'nonce' => $nonce, + 'options' => $encoded_options, + 'settings' => $encoded_settings + ); + $rpd = $this->the_query_string($query_params); + $digest = $this->digest($rpd); + break; + + case 'validate_subscription': case 'subscription': case 'unsubscription': $encoded_addresses = json_encode($params['addresses']); diff --git a/dada/installer-disabled/lib/DadaMailInstaller.pm b/dada/installer-disabled/lib/DadaMailInstaller.pm index 20c030989..49e5293e0 100755 --- a/dada/installer-disabled/lib/DadaMailInstaller.pm +++ b/dada/installer-disabled/lib/DadaMailInstaller.pm @@ -181,7 +181,7 @@ show_deployment_options => 1, show_profiles => 1, show_global_template_options => 1, show_security_options => 1, -show_global_api_options => 0, +show_global_api_options => 1, show_google_maps_options => 1, show_captcha_options => 1, show_global_mailing_list_options => 1,