Merge pull request #219 from pentacent/feature/double-opt-in

Implement Double-Opt-In

Author: wmnnd

Diff for: .devcontainer/Dockerfile

@@ -1,5 +1,5 @@
 # Update the VARIANT arg in docker-compose.yml to pick an Elixir version: 1.9, 1.10, 1.10.4
-ARG VARIANT="1.14.4"
+ARG VARIANT="1.15.1"
 FROM elixir:${VARIANT}
 
 # This Dockerfile adds a non-root user with sudo access. Update the “remoteUser” property in

Diff for: .github/workflows/ci.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       matrix:
         include:
-          - version: "1.14"
+          - version: "1.15"
     services:
       postgres:
         image: postgres:13-alpine

Diff for: .github/workflows/release.yml

@@ -13,7 +13,7 @@ jobs:
     strategy:
       matrix:
         include:
-          - version: "1.14"
+          - version: "1.15"
     services:
       postgres:
         image: postgres:13-alpine

Diff for: .tool-versions

@@ -1,4 +1,4 @@
-elixir 1.15.6
+elixir 1.15.7-otp-26
 erlang 26.0
 dprint 0.36.0
 nodejs lts

Diff for: config/test.exs

@@ -25,7 +25,7 @@ config :keila, KeilaWeb.Endpoint,
   server: false
 
 # Print only warnings and errors during test
-config :logger, level: :warn
+config :logger, level: :warning
 
 # Configure Swoosh
 config :keila, Keila.Mailer, adapter: Swoosh.Adapters.Test

Diff for: lib/keila/billing/billing.ex

@@ -128,4 +128,6 @@ defmodule Keila.Billing do
   def get_plan(paddle_plan_id) do
     Plans.all() |> Enum.find(&(&1.paddle_id == paddle_plan_id))
   end
+
+  defdelegate feature_available?(project_id, feature), to: __MODULE__.Features
 end

Diff for: lib/keila/billing/features.ex

@@ -0,0 +1,36 @@
+defmodule Keila.Billing.Features do
+  @moduledoc """
+  This module provides the `feature_available?/2` function to determine whether
+  a certain feature is covered by the current plan of a project’s account on
+  managed Keila.
+  """
+
+  alias Keila.Accounts
+  alias Keila.Billing
+  alias Keila.Projects.Project
+
+  @features ~w[double_opt_in]a
+  @type feature :: :double_opt_in
+
+  @doc """
+  Returns `true` if the given feature is available for the specified project.
+
+  Always returns `true` if Billing is not enabled.
+  """
+  @spec feature_available?(Project.id(), feature) :: boolean()
+  def feature_available?(project_id, feature) when feature in @features do
+    if Billing.billing_enabled?() do
+      account = Accounts.get_project_account(project_id)
+      do_feature_available?(account, feature)
+    else
+      true
+    end
+  end
+
+  defp do_feature_available?(account, :double_opt_in) do
+    case Accounts.get_credits(account.id) do
+      {n, _} when n > 0 -> true
+      _other -> false
+    end
+  end
+end

Diff for: lib/keila/contacts/contacts.ex

@@ -6,7 +6,7 @@ defmodule Keila.Contacts do
   """
   use Keila.Repo
   alias Keila.Projects.Project
-  alias __MODULE__.{Contact, Import, Form, Segment}
+  alias __MODULE__.{Contact, Import, Form, FormParams, Segment}
   import KeilaWeb.Gettext
 
   @doc """
@@ -20,17 +20,8 @@ defmodule Keila.Contacts do
     |> Repo.insert()
   end
 
-  @doc """
-  Creates a new Contact within the given Project with dynamic casts and
-  validations based on the given form.
-  """
-  @spec create_contact_from_form(Form.t(), map()) ::
-          {:ok, Contact.t()} | {:error, Changeset.t(Contact.t())}
-  def create_contact_from_form(form, params) do
-    params
-    |> Contact.changeset_from_form(form)
-    |> Repo.insert()
-  end
+  defdelegate perform_form_action(form, params, opts), to: __MODULE__.FormActionHandler
+  defdelegate perform_form_action(form, params), to: __MODULE__.FormActionHandler
 
   @doc """
   Updates the specified Contact.
@@ -303,6 +294,77 @@ defmodule Keila.Contacts do
     :ok
   end
 
+  @doc """
+  Creates a new `FormParams` entity for the given `Form` ID and `attrs` map.
+  `FormParams` are used to implement the double opt-in mechanism; they are an
+  intermediate storage for the attributes submitted by a contact who has
+  submitted a signup form.
+  """
+  @spec create_form_params(Form.id(), map()) ::
+          {:ok, FormParams.t()} | {:error, Changeset.t(FormParams.t())}
+  def create_form_params(form_id, attrs) do
+    FormParams.changeset(form_id, attrs)
+    |> Repo.insert()
+  end
+
+  @doc """
+  Returns the `FormParams` entity for the given `id`. Returns `nil` if no such
+  entity exists.
+  """
+  @spec get_form_params(FormParams.id()) :: FormParams.t() | nil
+  def get_form_params(id) do
+    Repo.get(FormParams, id)
+  end
+
+  @doc """
+  Retrieves, deletes, and returns the `FormParams` entity with the given `id`.
+  Returns `nil` if no such entity exists.
+  """
+  @spec get_and_delete_form_params(FormParams.id()) :: FormParams.t() | nil
+  def get_and_delete_form_params(id) do
+    from(fa in FormParams, where: fa.id == ^id, select: fa)
+    |> Repo.delete_all()
+    |> case do
+      {1, [form_params]} -> form_params
+      _ -> nil
+    end
+  end
+
+  @doc """
+  Deletes the `FormParams` entity with the given `id`. Always returns `:ok`.
+  """
+  @spec delete_form_params(FormParams.id()) :: :ok
+  def delete_form_params(id) do
+    from(fa in FormParams, where: fa.id == ^id)
+    |> Repo.delete_all()
+
+    :ok
+  end
+
+  @doc """
+  Returns an HMAC string for the given `FormParams` ID that can be
+  used when verifying a contact in the double opt-in process.
+  """
+  @spec double_opt_in_hmac(Form.id(), FormParams.id()) :: String.t()
+  def double_opt_in_hmac(form_id, form_params_id) do
+    key = Application.get_env(:keila, KeilaWeb.Endpoint) |> Keyword.fetch!(:secret_key_base)
+    message = "double-opt-in:" <> form_id <> ":" <> form_params_id
+
+    :crypto.mac(:hmac, :sha256, key, message)
+    |> Base.url_encode64(padding: false)
+  end
+
+  @doc """
+  Verifies a HMAC string for the given `FormParams` ID.
+  """
+  @spec valid_double_opt_in_hmac?(String.t(), Form.id(), FormParams.id()) :: boolean()
+  def valid_double_opt_in_hmac?(hmac, form_id, form_params_id) do
+    case double_opt_in_hmac(form_id, form_params_id) do
+      ^hmac -> true
+      _other -> false
+    end
+  end
+
   @doc """
   Updates the status of a Contact.
 

Diff for: lib/keila/contacts/form_action_handler.ex

@@ -0,0 +1,53 @@
+defmodule Keila.Contacts.FormActionHandler do
+  @moduledoc """
+  Module to handle the submission for a Form.
+  """
+
+  use Keila.Repo
+  alias Keila.Contacts
+  alias Keila.Contacts.Contact
+  alias Keila.Contacts.FormParams
+  alias Keila.Mailings.SendDoubleOptInMailWorker
+
+  @doc """
+  Creates a new Contact within the given Project with dynamic casts and
+  validations based on the given form.
+
+  If the Form settings specify that Double Opt-in is required for form contacts,
+  creates a `FormParams` entity instead and sends the opt-in email.
+
+  ## Options:
+  - `:changeset_transform` - function to transform the changeset before
+    `Repo.insert/1` is called. This is primarily used to add CAPTCHA checking
+    from the controller layer
+  """
+  @spec perform_form_action(Form.t(), map()) ::
+          {:ok, Contact.t() | FormParams.t()} | {:error, Changeset.t(Contact.t())}
+  def perform_form_action(form, params, opts \\ []) do
+    changeset_transform = Keyword.get(opts, :changeset_transform, & &1)
+
+    params
+    |> Contact.changeset_from_form(form)
+    |> changeset_transform.()
+    |> Repo.insert()
+    |> case do
+      {:ok, contact} ->
+        {:ok, contact}
+
+      {:error, changeset = %{errors: [double_opt_in: {"HMAC missing", _}]}} ->
+        create_form_params_from_changeset(form, changeset)
+
+      {:error, changeset} ->
+        {:error, changeset}
+    end
+  end
+
+  defp create_form_params_from_changeset(form, changeset) do
+    {:ok, form_params} = Contacts.create_form_params(form.id, changeset.changes)
+
+    SendDoubleOptInMailWorker.new(%{"form_params_id" => form_params.id})
+    |> Oban.insert()
+
+    {:ok, form_params}
+  end
+end

Diff for: lib/keila/contacts/query.ex

@@ -38,7 +38,7 @@ defmodule Keila.Contacts.Query do
 
   @type opts :: {:filter, map()} | {:sort, map()}
 
-  @fields ["id", "email", "inserted_at", "first_name", "last_name", "status"]
+  @fields ["id", "email", "inserted_at", "first_name", "last_name", "status", "double_opt_in_at"]
 
   @spec apply(Ecto.Query.t(), [opts]) :: Ecto.Query.t()
   def apply(query, opts) do

Diff for: lib/keila/contacts/schemas/contact.ex

@@ -14,6 +14,7 @@ defmodule Keila.Contacts.Contact do
     field(:last_name, :string)
     field(:status, Ecto.Enum, values: @statuses, default: :active)
     field(:data, Keila.Repo.JsonField)
+    field(:double_opt_in_at, :utc_datetime)
     belongs_to(:project, Keila.Projects.Project, type: Keila.Projects.Project.Id)
     timestamps()
   end
@@ -34,10 +35,14 @@ defmodule Keila.Contacts.Contact do
     |> cast(params, [:email, :first_name, :last_name, :data])
     |> validate_email()
     |> check_data_size_constraint()
+    |> maybe_remove_double_opt_in_at()
   end
 
   @spec changeset_from_form(t(), Ecto.Changeset.data(), Form.t()) :: Ecto.Changeset.t(t())
   def changeset_from_form(struct \\ %__MODULE__{}, params, form) do
+    form_params_id = get_param(params, :form_params_id)
+    double_opt_in_hmac = get_param(params, :double_opt_in_hmac)
+
     cast_fields =
       form.field_settings
       |> Enum.filter(& &1.cast)
@@ -52,9 +57,14 @@ defmodule Keila.Contacts.Contact do
     |> cast(params, cast_fields)
     |> validate_dynamic_required(required_fields)
     |> validate_email()
+    |> validate_double_opt_in(form, form_params_id, double_opt_in_hmac)
     |> put_change(:project_id, form.project_id)
   end
 
+  defp get_param(params, param) do
+    params[param] || params[to_string(param)]
+  end
+
   defp validate_dynamic_required(changeset, required_fields)
   defp validate_dynamic_required(changeset, []), do: changeset
   defp validate_dynamic_required(changeset, fields), do: validate_required(changeset, fields)
@@ -75,4 +85,31 @@ defmodule Keila.Contacts.Contact do
     |> validate_length(:email, max: 255)
     |> unique_constraint([:email, :project_id])
   end
+
+  defp maybe_remove_double_opt_in_at(changeset) do
+    changed_email = get_change(changeset, :email)
+    current_email = changeset.data.email
+
+    if not is_nil(changed_email) and not is_nil(current_email) and changed_email != current_email do
+      put_change(changeset, :double_opt_in_at, nil)
+    else
+      changeset
+    end
+  end
+
+  defp validate_double_opt_in(changeset, %{settings: %{double_opt_in_required: false}}, _, _),
+    do: changeset
+
+  defp validate_double_opt_in(changeset, form, form_params_id, hmac)
+       when is_binary(form_params_id) and is_binary(hmac) do
+    if Keila.Contacts.valid_double_opt_in_hmac?(hmac, form.id, form_params_id) do
+      put_change(changeset, :double_opt_in_at, DateTime.utc_now(:second))
+    else
+      add_error(changeset, :double_opt_in, "Invalid HMAC")
+    end
+  end
+
+  defp validate_double_opt_in(changeset, _, _, _) do
+    add_error(changeset, :double_opt_in, "HMAC missing")
+  end
 end

Diff for: lib/keila/contacts/schemas/form.ex

@@ -1,5 +1,7 @@
 defmodule Keila.Contacts.Form do
   use Keila.Schema, prefix: "frm"
+  alias Keila.Templates.Template
+  alias Keila.Mailings.Sender
 
   schema "contacts_forms" do
     belongs_to(:project, Keila.Projects.Project, type: Keila.Projects.Project.Id)
@@ -8,20 +10,28 @@ defmodule Keila.Contacts.Form do
     embeds_one(:settings, Keila.Contacts.Form.Settings)
     embeds_many(:field_settings, Keila.Contacts.Form.FieldSettings)
 
+    # Double opt-in properties
+    belongs_to(:sender, Sender, type: Sender.Id)
+    belongs_to(:template, Template, type: Template.Id)
+
     timestamps()
   end
 
   def creation_changeset(struct \\ %__MODULE__{}, params) do
     struct
-    |> cast(params, [:name, :project_id])
+    |> cast(params, [:name, :project_id, :sender_id, :template_id])
     |> cast_embed(:settings)
     |> cast_embed(:field_settings)
+    |> validate_assoc_project(:sender, Sender)
+    |> validate_assoc_project(:template, Template)
   end
 
   def update_changeset(struct \\ %__MODULE__{}, params) do
     struct
-    |> cast(params, [:name])
+    |> cast(params, [:name, :sender_id, :template_id])
     |> cast_embed(:settings)
     |> cast_embed(:field_settings)
+    |> validate_assoc_project(:sender, Sender)
+    |> validate_assoc_project(:template, Template)
   end
 end

Diff for: lib/keila/contacts/schemas/form_params.ex

@@ -0,0 +1,36 @@
+defmodule Keila.Contacts.FormParams do
+  @moduledoc """
+  FormParams hold the parameters for a `Keila.Contacts.Form` to be submitted
+  again after a double opt-in process.
+  """
+  use Keila.Schema, prefix: "f_attr"
+  alias Keila.Contacts.Form
+
+  @expiry_in_days 60
+
+  schema "contacts_form_params" do
+    field :params, :map
+    field :expires_at, :utc_datetime
+    belongs_to :form, Form, type: Form.Id
+    timestamps()
+  end
+
+  def changeset(struct \\ %__MODULE__{}, form_id, params) do
+    struct
+    |> change()
+    |> put_change(:form_id, form_id)
+    |> put_change(:params, params)
+    |> maybe_put_expires_at()
+  end
+
+  defp maybe_put_expires_at(changeset) do
+    case get_field(changeset, :expires_at) do
+      nil -> put_change(changeset, :expires_at, expires_at())
+      _ -> changeset
+    end
+  end
+
+  defp expires_at() do
+    DateTime.utc_now() |> DateTime.truncate(:second) |> DateTime.add(@expiry_in_days, :day)
+  end
+end